6.5
CVSSv2

CVE-2019-19999

Published: 26/12/2019 Updated: 08/01/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Halo prior to 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

Vulnerability Trend

Affected Products

Vendor Product Versions
HaloHalo1.1.1, 1.1.3, 1.2.0