CVE-2021-46703

Name of the Vulnerable Software and Affected Versions Antaris RazorEngine versions through 4.5.1-alpha001

Description An attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. This issue affects products that are no longer supported by the maintainer.

Recommendations For versions through 4.5.1-alpha001, consider restricting access to the IsolatedRazorEngine component to prevent external control of template contents until a supported version is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.