In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
{ "github_reviewed": true, "severity": "CRITICAL", "nvd_published_at": "2022-03-06T06:15:00Z", "github_reviewed_at": "2022-03-11T20:30:20Z", "cwe_ids": [ "CWE-1336" ] }