Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hubspot Subscribe
Filtered by product Jinjava
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12668 1 Hubspot 1 Jinjava 2021-07-21 6.8 MEDIUM 6.5 MEDIUM
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
CVE-2018-18893 1 Hubspot 1 Jinjava 2019-10-02 5.0 MEDIUM 5.3 MEDIUM
Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.