Critical severity9.8NVD Advisory· Published Dec 17, 2021· Updated Jun 17, 2026
CVE-2021-23803
CVE-2021-23803
Description
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
latte/lattePackagist | < 2.10.6 | 2.10.6 |
Affected products
2- latte/lattedescription
Patches
Vulnerability mechanics
References
5- github.com/nette/latte/commit/227c86eda9a8a6d060ea8501923e768b6d992210nvdPatchThird Party AdvisoryWEB
- github.com/nette/latte/issues/279nvdExploitIssue TrackingPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-PHP-LATTELATTE-1932226nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-6pj2-5fqq-xvjcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23803ghsaADVISORY
News mentions
0No linked articles in our index yet.