| 제목 | sarrionandia tournatrack 0.0 Improper Neutralization of Special Elements Used in a Template E |
|---|
| 설명 | A Server - Side Template Injection (SSTI) vulnerability has been discovered in Tournatrack, a debate tournament tracker for convenors. The flaw exists in the `/checkID` endpoint where user - provided `id` input isn't properly sanitized. Malicious actors can send crafted requests with Jinja2 expressions. This could lead to information disclosure, such as configuration details or sensitive files, and even remote code execution. As of now, the issue remains unfixed in the master branch.
More details: https://github.com/sarrionandia/tournatrack/issues/86 |
|---|
| 원천 | ⚠️ https://github.com/sarrionandia/tournatrack/issues/86 |
|---|
| 사용자 | ybdesire (UID 83239) |
|---|
| 제출 | 2025. 04. 09. PM 04:02 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 04. 18. PM 04:24 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 305659 [sarrionandia tournatrack 까지 4c13a23f43da5317eea4614870a7a8510fc540ec Jinja2 Template check_id.py 아이디 권한 상승] |
|---|
| 포인트들 | 20 |
|---|