CVE-2021-42651

Name of the Vulnerable Software and Affected Versions Pentest-Collaboration-Framework version 1.0.8

Description A Server Side Template Injection (SSTI) vulnerability allows an authenticated remote attacker to execute arbitrary code through the "/project/PROJECTNAME/reports/" API endpoint.

Recommendations For Pentest-Collaboration-Framework version 1.0.8, consider restricting access to the "/project/PROJECTNAME/reports/" endpoint until a patch is available. As a temporary workaround, limit the functionality of this endpoint to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.