Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jinja Renderer Remote code execution #16

Open
1 task
Tracked by #18
jon-nfc opened this issue Oct 4, 2024 · 0 comments
Open
1 task
Tracked by #18

Jinja Renderer Remote code execution #16

jon-nfc opened this issue Oct 4, 2024 · 0 comments
Labels
task::security Task Type type::task Issue Type
Milestone
v1.0.0

Comments

@jon-nfc
Copy link
Member

jon-nfc commented Oct 4, 2024
edited
Loading

As detailed in mozilla/nunjucks-docs#17 the templating engine has the capability to execute code. as such, this needs to be prevented.

details

  • fix the vulnerability or find one that isn't vulnerable

Currently Jinja is used for external links for building the URL from the models data. i.e. {{ device.name }}. There are future plans for jinja to be used within templating.

Links
@jon-nfc jon-nfc added the task::security Task Type label Oct 4, 2024
@jon-nfc jon-nfc added this to the v1.0.0 milestone Oct 4, 2024
@jon-nfc jon-nfc mentioned this issue Oct 4, 2024
Closed
29 tasks
@jon-nfc jon-nfc mentioned this issue Nov 3, 2024
Open
22 tasks
@jon-nfc jon-nfc added the type::task Issue Type label Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
task::security Task Type type::task Issue Type
Projects
Centurion ERP
Status: No status
Milestone
v1.0.0
Development

No branches or pull requests
1 participant
@jon-nfc