VYPR
Unrated severityNVD Advisory· Published Dec 26, 2019· Updated Aug 5, 2024

CVE-2019-19999

CVE-2019-19999

Description

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Halo/Halodescription
  • Halo Dev/Halollm-fuzzy
    Range: <1.2.0-beta.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.