Unrated severityNVD Advisory· Published Dec 26, 2019· Updated Aug 5, 2024
CVE-2019-19999
CVE-2019-19999
Description
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Halo/Halodescription
Patches
Vulnerability mechanics
References
3- github.com/halo-dev/halo/compare/v1.1.3-beta.2...v1.2.0-beta.1mitrex_refsource_MISC
- github.com/halo-dev/halo/issues/419mitrex_refsource_MISC
- github.com/halo-dev/halo/issues/440mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.