Antaris/RazorEngine

Releases78

Frequency3 weeks 23 hours

Last Release almost 9 years ago

Stars2.17K

Open source templating engine based on Microsoft's Razor parsing engine

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-46703 ↗	Mar 6, 2022Sunday, 6 March 2022, 06:15	9.8 CRITICAL	7.5 HIGH
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer