Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within template blocks, and these blocks were neither properly sanitized nor sandboxed. As a result, users can construct command-line scripts in their custom message templates, and those scripts are executed whenever the notifications are rendered and sent out.
History

No history.

MITRE

Status: PUBLISHED

Assigner: netflix

Published: 2024-08-01T21:07:35.787Z

Updated: 2024-08-02T16:04:37.541Z

Reserved: 2024-07-24T21:43:55.252Z

Link: CVE-2024-7093

Vulnrichment

Updated: 2024-08-02T16:04:26.678Z

NVD

Status: Awaiting Analysis

Published: 2024-08-01T21:16:05.100

Modified: 2024-08-02T12:59:43.990

Link: CVE-2024-7093

Redhat

No data.