CNNVD-202509-2686 Information
CNNVD ID
CNNVD-202509-2686
Related CVE
- CNNVD Published: 2025-09-17
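Description (translated from Chinese)
HubSpot Jinjava is an application from HubSpot, an individual developer in the United States. It provides a Java-based template engine, based on Django template syntax, for rendering jinja templates. Versions of HubSpot Jinjava before 2.8.1 contain a security vulnerability that stems from allowing deserialization of attacker-controlled input, which may lead to sandbox escape and remote code execution.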
Description (English)
HubSpot Jinjava is an application by HubSpot, an individual developer in the United States. It is a Java-based template engine that follows the Django template syntax and is used to render jinja templates. HubSpot Jinjava versions prior to 2.8.1 have a security vulnerability: the software allows deserialization of attacker-controlled input, which could lead to sandbox escape and remote code execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/HubSpot/jinjava/commit/66df351e7e8ad71ca04dcacb4b65782af820b8b1
https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.8.1
https://github.com/HubSpot/jinjava/security/advisories/GHSA-m49c-g9wr-hv6v
Patch
https://github.com/HubSpot/jinjava/releases