PT-2025-38270 · Jinjava · Jinjava

Taisehub · Published 2025-09-16 · Updated 2025-10-15 · CVE-2025-59340

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: jinjava versions prior to 2.8.1

Description: jinjava is a Java-based template engine. A sandbox escape flaw exists due to unrestricted interaction with the properties of JinjavaInterpreter instances, specifically through the ObjectMapper. By utilizing mapper.getTypeFactory().constructFromCanonical(), an attacker can deserialize attacker-controlled input into arbitrary classes, bypassing sandbox restrictions. This allows instantiation of classes like java.net.URL, enabling access to local files and URLs. With further exploitation, this can potentially lead to remote code execution (RCE). Over 289,100 instances are potentially exposed. The vulnerability allows escaping the sandbox and creating powerful primitives for file access and potentially RCE. The issue involves traversing from the int3rpr3t3r variable to the config field, which exposes an ObjectMapper. The JavaType class is not restricted, allowing attackers to leverage constructFromCanonical to instantiate semi-arbitrary classes.

Recommendations: Update to version 2.8.1 or later.
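
A triage heuristic for the traversal described above, added here as an example and not code from the advisory or the Jinjava project: it scans stored templates for the identifiers the description names, but only inside template blocks. The sample templates are constructed, and the full variable name ____int3rpr3t3r____ and the function names scan_template and triage are assumptions of this example.

```python
import re

# Identifiers named in the advisory description, matched case-insensitively.
# "typefactory" covers getTypeFactory() and property-style access alike.
INDICATORS = {
    "interpreter-reference": re.compile(r"int3rpr3t3r", re.I),
    "type-factory-access": re.compile(r"typefactory", re.I),
    "construct-from-canonical": re.compile(r"constructfromcanonical", re.I),
}

# Jinjava uses Jinja-style delimiters: {{ expression }} and {% tag %}.
# Text outside these blocks is never evaluated, so it is ignored.
BLOCK = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}", re.S)


def scan_template(source):
    """Return the sorted indicator names found inside template blocks."""
    hits = set()
    for match in BLOCK.finditer(source):
        body = match.group(1) or match.group(2) or ""
        for name, pattern in INDICATORS.items():
            if pattern.search(body):
                hits.add(name)
    return sorted(hits)


def triage(templates):
    """Map template name -> indicators, leaving out clean templates."""
    report = {}
    for name, source in templates.items():
        found = scan_template(source)
        if found:
            report[name] = found
    return report


# Constructed sample inputs (hypothetical, not from any real system).
SAMPLES = {
    "welcome.html": "Hello {{ contact.firstname }}, welcome!",
    "notes.txt": "Review notes mention int3rpr3t3r outside any block.",
    "review-a.html": "{{ ____int3rpr3t3r____.config }}",
    "review-b.html": "{% set t = x.getTypeFactory().constructFromCanonical(y) %}",
}

if __name__ == "__main__":
    for name, found in triage(SAMPLES).items():
        print(f"{name}: {', '.join(found)}")
```

A hit means the template deserves manual review; a clean result does not replace updating to 2.8.1 or later.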

Exploit · Fix · RCE

Related Identifiers

BDU:2026-00217
CVE-2025-59340
GHSA-M49C-G9WR-HV6V

Affected Products

Jinjava