Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then executed whenever these notifications are rendered and sent out.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: netflix
Published: 2024-08-01T21:07:35.787Z
Updated: 2024-08-02T16:04:37.541Z
Reserved: 2024-07-24T21:43:55.252Z
Link: CVE-2024-7093
Vulnrichment
Updated: 2024-08-02T16:04:26.678Z
NVD
Status : Awaiting Analysis
Published: 2024-08-01T21:16:05.100
Modified: 2024-08-02T12:59:43.990
Link: CVE-2024-7093
Redhat
No data.