CVE-2024-37301 - Vulnerability Details - OpenCVE

ReportizFlow

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Adfinis	Document Merge Service

No data.

No data.

References

Link	Providers
https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074
https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6

History

Wed, 04 Feb 2026 20:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-11T18:34:38.374Z

Updated: 2026-02-04T19:40:11.164Z

Reserved: 2024-06-05T20:10:46.497Z

Link: CVE-2024-37301

Vulnrichment

Updated: 2024-08-02T03:50:56.118Z

NVD

Status : Awaiting Analysis

Published: 2024-06-11T19:16:07.890

Modified: 2026-02-04T20:16:02.377

Link: CVE-2024-37301

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-37301", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-05T20:10:46.497Z", "datePublished": "2024-06-11T18:34:38.374Z", "dateUpdated": "2026-02-04T19:40:11.164Z"}, "containers": {"cna": {"title": "document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6"}, {"name": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "tags": ["x_refsource_MISC"], "url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074"}], "affected": [{"vendor": "adfinis", "product": "document-merge-service", "versions": [{"version": "< 6.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-04T19:40:11.164Z"}, "descriptions": [{"lang": "en", "value": "Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed."}], "source": {"advisory": "GHSA-v5gf-r78h-55q6", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "adfinis", "product": "document_merge_service", "cpes": ["cpe:2.3:a:adfinis:document_merge_service:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.5.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T20:18:28.016202Z", "id": "CVE-2024-37301", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:21:20.380Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:56.118Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6"}, {"name": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "name": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "name": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:56.118Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37301", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-11T20:18:28.016202Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:adfinis:document_merge_service:*:*:*:*:*:*:*:*"], "vendor": "adfinis", "product": "document_merge_service", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.5.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:21:15.403Z"}}], "cna": {"title": "document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection", "source": {"advisory": "GHSA-v5gf-r78h-55q6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "adfinis", "product": "document-merge-service", "versions": [{"status": "affected", "version": "< 6.5.2"}]}], "references": [{"url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "name": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "name": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-04T19:40:11.164Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37301", "state": "PUBLISHED", "dateUpdated": "2026-02-04T19:40:11.164Z", "dateReserved": "2024-06-05T20:10:46.497Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-11T18:34:38.374Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed."}, {"lang": "es", "value": "Document Merge Service es un servicio de combinaci\u00f3n de plantillas de documentos que proporciona una API para administrar plantillas y combinarlas con datos determinados. Las versiones 6.5.1 y anteriores son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo mediante la inyecci\u00f3n de plantillas del lado del servidor que, cuando se ejecuta como root, puede resultar en la toma total del sistema afectado. En el momento de la publicaci\u00f3n, no existe ninguna versi\u00f3n parcheada ni se ha revelado ning\u00fan workaround."}], "id": "CVE-2024-37301", "lastModified": "2026-02-04T20:16:02.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-06-11T19:16:07.890", "references": [{"source": "[email protected]", "url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074"}, {"source": "[email protected]", "url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "[email protected]", "type": "Secondary"}]}