In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.
References
Configurations
History
21 Nov 2024, 04:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.4 |
References | () https://github.com/barrelstrength/craft-sprout-forms/blob/v3/CHANGELOG.md#390---2020-04-09-critical - Release Notes | |
References | () https://github.com/barrelstrength/craft-sprout-forms/security/advisories/GHSA-px8v-hxxx-2rgh - Third Party Advisory |
26 Oct 2021, 20:00
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 |
Information
Published : 2020-05-07 21:15
Updated : 2024-11-21 04:56
NVD link : CVE-2020-11056
Mitre link : CVE-2020-11056
CVE.ORG link : CVE-2020-11056
JSON object : View
Products Affected
barrelstrengthdesign
- sprout_forms