CVE-2021-25770

Published: 03/02/2021 Updated: 05/02/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In JetBrains YouTrack prior to 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

Vulnerable Product

jetbrains youtrack

Github Repositories

CS5331 Server-Side Template Injection Project

Server-Side Template Injection Project (CS5331). This Docker project contains a case study POC for CVE-2021-25770 on YouTrack, replica code on Spring+Freemarker, as well as replica code on PHP+Twig to demonstrate the generalized concept of SSTI. Installation and Setup: the project requires Vagrant v2.3.4 and VirtualBox v7.x installed; execute the following on an x86 environm

CVE-2022-24442: FreeMarker Server-Side Template Injection in JetBrains YouTrack

CVE-2022-24442: FreeMarker Server-Side Template Injection in JetBrains YouTrack. By inserting malicious content in the Notification FTL files, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and obtain RCE (Remote Code Execution). Note: This issue exists because of an incomplete fix for C