PT-2022-14839 · Unknown · Getgrav/Grav
Mahagr · Published 2022-06-29 · Updated 2023-06-15 · CVE-2022-2073
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: getgrav/grav versions prior to 1.7.34
Description: The issue is Server-Side Template Injection (SSTI) via Twig: Twig should not render dangerous functions, such as system, by default. This is related to Code Injection in the GitHub repository getgrav/grav.
Recommendations: For versions prior to 1.7.34, update to version 1.7.34 or later to resolve the issue. As a temporary workaround, restrict the use of Twig to minimize the risk of exploitation, and avoid using dangerous functions, such as system, in Twig templates until the issue is resolved.
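The workaround above, shown in code as an added example that is not part of this advisory and not Grav's own code or its fix. It assumes a Twig environment that forwards unknown template functions to PHP through Twig's registerUndefinedFunctionCallback (a real Twig Environment method), and places the unsafe form of that callback beside an allow-listed form that refuses system before the template is ever compiled. The template strings, the allowed-function list and the renderSafely helper are constructed for the example.

```php
<?php
// Added example (not Grav's code): restricting which PHP functions a Twig
// template may call. Requires twig/twig installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Error\Error as TwigError;
use Twig\Loader\ArrayLoader;
use Twig\TwigFunction;

// Constructed templates: one benign, one that tries to reach system().
// The argument is harmless; the point is that the call never executes.
$templates = [
    'benign.twig'  => 'Hello {{ name|e }}',
    'hostile.twig' => '{{ system("echo blocked") }}',
];

// UNSAFE pattern: any unknown template function is resolved to the PHP
// function of the same name, so a template author can call system().
$unsafe = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);
$unsafe->registerUndefinedFunctionCallback(function (string $name) {
    return function_exists($name) ? new TwigFunction($name, $name) : false;
});

// HARDENED pattern: only an explicit allow-list of PHP functions is exposed.
// Everything else stays "unknown" and Twig refuses it at compile time.
const ALLOWED_PHP_FUNCTIONS = ['strtoupper', 'strtolower', 'count']; // constructed list

$hardened = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);
$hardened->registerUndefinedFunctionCallback(function (string $name) {
    if (in_array($name, ALLOWED_PHP_FUNCTIONS, true)) {
        return new TwigFunction($name, $name);
    }
    return false; // system(), exec(), etc. are never resolved
});

/**
 * Render a template, turning a refused function into a logged rejection
 * instead of a fatal error or an executed command.
 */
function renderSafely(Environment $twig, string $template, array $vars): string
{
    try {
        return $twig->render($template, $vars);
    } catch (TwigError $e) {
        // Unknown-function errors surface here as Twig\Error\SyntaxError.
        error_log('template rejected: ' . $e->getMessage());
        return 'rejected';
    }
}

echo renderSafely($hardened, 'benign.twig', ['name' => '<b>world</b>']), "\n"; // escaped greeting
echo renderSafely($hardened, 'hostile.twig', []), "\n";                        // "rejected"
```

The allow-list is deliberately tiny: the safe default is to expose nothing from PHP and add functions one at a time as templates need them. Grav's own fix in 1.7.34 is not reproduced here; the example only illustrates the principle the advisory states, that dangerous functions such as system must not be reachable from templates by default.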

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2022-2073, GHSA-CXGW-R5JG-7XWQ

Affected Products: Getgrav/Grav