Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS00cm1yLWMyangtdngyN80l0A

High EPSS: 0.00236% (0.4639 Percentile) EPSS:
Permalink JSON

Mustache remote code injection vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:mustache/mustache >= 2.0.0, < 2.14.1 2.14.1
332 Dependent packages
5,333 Dependent repositories
41,739,876 Downloads total

Affected Version Ranges

All affected versions

v2.0.0, v2.0.0-rc.1, v2.0.1, v2.0.2, v2.1.0, v2.2.0, v2.3.0, v2.3.1, v2.4.0, v2.4.1, v2.5.0, v2.5.1, v2.6.0, v2.6.1, v2.7.0, v2.8.0, v2.9.0, v2.10.0, v2.11.0, v2.11.1, v2.12.0, v2.13.0, v2.14.0

All unaffected versions

1.0.0, v2.14.1, v2.14.2, v3.0.0

In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strict_callables is true when section value is controllable.

References:

Identifiers

GHSA-4rmr-c2jx-vx27

CVE-2022-0323

Risk

Severity

High

EPSS

EPSS Percentage: 0.00236

EPSS Percentile: 0.4639

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/bobthecow/mustache.php

Date and time

Published

almost 4 years ago

Updated

almost 2 years ago

API

JSON