VYPR

Maven package

io.pebbletemplates/pebble

pkg:maven/io.pebbletemplates/pebble

Vulnerabilities (2)

  • CVE-2025-1686MedFeb 27, 2025
    affected <= 3.2.3

    Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag t

  • CVE-2022-37767Sep 12, 2022
    affected <= 3.1.5

    Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input shoul