CVE-2021-29440

moderate-risk
Published 2021-04-13

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.

Do I need to act?

!
14.4% chance of exploitation in next 30 days
EPSS score — higher than 86% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
49961
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Getgrav

References (8)

Exploit http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template...
Exploit https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities
Third Party Advisory https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
Product https://packagist.org/packages/getgrav/grav
Exploit http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template...
Exploit https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities
Third Party Advisory https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
Product https://packagist.org/packages/getgrav/grav
46
/ 100
moderate-risk
Severity 29/34 · Critical
Exploitability 12/34 · Low
Exposure 5/34 · Minimal