MEDIUM🇵🇱 Wersja polska

CVE-2018-18893

CVSS 5.3v3.0pub. 2019-01-03upd. 2024-11-21

Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Hubspot Jinjava

    APP
    Hubspot
    < 2.4.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-25526CRITICAL9.8PL ✓ten sam produkt

HubSpot JinJava — obejście sandbox i wykonanie dowolnego kodu Java przez ForTag

CVE-2025-59340CRITICAL9.8PL ✓ten sam produkt

HubSpot Jinjava — ucieczka z sandbox i RCE przez deserializację szablonów

CVE-2020-12668MEDIUM6.5ten sam produkt

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjav...

CVE-2022-1239HIGH8.8ten sam vendor

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, w...

CVE-2017-16035HIGH8.1ten sam vendor

The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads...