Description
Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature.
Remediation
References
https://github.com/PebbleTemplates/pebble/issues/493
Related Vulnerabilities
CVE-2020-25020 Vulnerability in maven package net.sf.mpxj:mpxj
CVE-2023-4043 Vulnerability in maven package org.eclipse.parsson:project
CVE-2022-0624 Vulnerability in maven package org.webjars.npm:parse-path
CVE-2020-28279 Vulnerability in npm package flattenizer
CVE-2022-35961 Vulnerability in npm package @openzeppelin/contracts-upgradeable