CVE-2020-12668

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT

Description

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.

HubSpot/jinjava
HubSpot/jinjava
Jinja template engine for Java
GitHubGitHub
779