PT-2019-9664 · Hubspot · Jinjava
Boulter
·
Published
2019-01-03
·
Updated
2019-10-03
·
CVE-2018-18893
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jinjava versions prior to 2.4.6
Description
The issue is related to the getClass method in Jinjava, specifically in the com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java file. This method is not properly blocked, which can lead to potential security issues.
Recommendations
For versions prior to 2.4.6, update to version 2.4.6 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jinjava