Akues-An

**Name of the Vulnerable Software and Affected Versions** JinJava versions prior to 2.7.6 JinJava versions prior to 2.8.3 **Description** JinJava is a Java-based template engine that uses django template syntax to render jinja templates. A flaw exists in the `ForTag` component that allows for arbitrary Java execution. This bypasses built-in sandbox restrictions, enabling arbitrary Java class instantiation and file access. The issue allows an attacker to circumvent security measures and potentially gain control of the system. **Recommendations** Update JinJava to version 2.7.6 or later. Update JinJava to version 2.8.3 or later.

**Name of the Vulnerable Software and Affected Versions** Craft CMS versions 3.9.14, 4.13.2, and 5.5.2 **Description** Craft CMS is susceptible to a remote code execution issue. This affects users whose php.ini configuration has `register argc argv` enabled. An unspecified remote code execution vector is present for these users. Approximately 150,000 sites created with Craft CMS are estimated to be affected. The vulnerability allows an attacker to pass code in place of CLI arguments, potentially gaining remote code execution. Exploitation has been demonstrated publicly, and a proof-of-concept (PoC) exploit is available. **Recommendations** Update to version 3.9.14. Update to version 4.13.2. Update to version 5.5.2. If an upgrade is not possible, disable the `register argc argv` setting in your php.ini configuration to mitigate the issue.