
P0Wfuuo

#26318 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2021-15553
9.8
2021-12-17
Latte · Latte · CVE-2021-23803
Name of the Vulnerable Software and Affected Versions: latte/latte versions prior to 2.10.6

Description: The issue allows bypassing of `allowFunctions` restrictions, affecting the security of the application. When the template is set to allow or disallow certain functions, adding control characters (x00-x08) after the function bypasses these restrictions.

Recommendations: For versions prior to 2.10.6, update to version 2.10.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of functions that can be bypassed by control characters until a patch is applied. Avoid using control characters (x00-x08) after functions in templates to minimize the risk of exploitation.