Description
Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature.
Remediation
References
https://github.com/PebbleTemplates/pebble/issues/493
Related Vulnerabilities
CVE-2021-41183 Vulnerability in maven package org.webjars:jquery-ui
CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core
CVE-2023-26486 Vulnerability in npm package vega-functions
CVE-2020-28464 Vulnerability in npm package djv
CVE-2017-1000427 Vulnerability in maven package org.webjars:marked