CVE-2025-66844

Published December 15th, 2025

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered

Yohane-Mashiro/grav_cveUNAVAILABLE

这个项目的作者纯抽象，因为原作者不认只能交mitre了

GitHub