CVE-2022-37767
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-37767
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37767.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-37767
- Aliases
- Published
- 2022-09-12T14:15:09.110Z
- Modified
- 2025-11-14T13:34:10.364626Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input.
- Database specific
{ "isDisputed": true }- References
Affected packages
Git / github.com/pebbletemplates/pebble
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pebbletemplates/pebble
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v0.*
v0.0.1-alpha
v0.0.2-alpha
v0.0.3-alpha
v0.1.0-beta
v0.1.1-beta
v0.1.2-beta
v0.1.3-beta
v0.1.4-beta
v0.1.5-beta
v0.2.0-beta
v0.3.0-beta
v0.4.0-beta
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.4.0
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v3.*
v3.0.0
v3.0.0.BETA01
v3.0.1
v3.0.10
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5