CNNVD-202602-549 Information

CNNVD ID

CNNVD-202602-549

CVE-2026-25526

  • CNNVD Published: 2026-02-04

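Description (translated from Chinese)

HubSpot Jinjava is an application by HubSpot, an individual developer in the United States. It provides a Java-based template engine, built on Django template syntax, suitable for rendering jinja templates. HubSpot Jinjava versions before 2.7.6 and versions before 2.8.3 contain a security vulnerability. The vulnerability stems from a restriction bypass through ForTag and may lead to arbitrary Java execution.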

Description (English)

HubSpot Jinjava is an application from HubSpot, an individual developer in the United States. It provides a Java-based template engine that uses Django template syntax and is used for rendering jinja templates. HubSpot Jinjava versions prior to 2.7.6 and prior to 2.8.3 have a security vulnerability caused by a restriction bypass through ForTag, which could lead to arbitrary Java execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/HubSpot/jinjava/commit/3d02e504d8bbb13bf3fe019e9ca7b51dfce7a998
  • https://github.com/HubSpot/jinjava/commit/c7328dce6030ac718f88974196035edafef24441
  • https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.7.6
  • https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.8.3
  • https://github.com/HubSpot/jinjava/security/advisories/GHSA-gjx9-j8f8-7j74

Patch

https://github.com/HubSpot/jinjava/releases
