UBUNTU-CVE-2022-21648

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-21648

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-21648.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-21648

Related

CVE-2022-21648

Published

2022-01-04T20:15:00Z

Modified

2022-01-04T20:15:00Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources.

References

Affected packages

Ubuntu:Pro:16.04:LTS / php-nette

Package

Name: php-nette
Purl: pkg:deb/ubuntu/php-nette?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.4-1

2.3.5-1

2.3.7-1

2.3.8-1

2.3.8-1ubuntu1

2.3.8-1ubuntu1+esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / php-nette

Package

Name: php-nette
Purl: pkg:deb/ubuntu/php-nette?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4-20160731-1

2.4-20160731-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}