Product
Scriban TemplateContext MemberFilter Bypass Vulnerability
2 rules 1 TTPScriban versions before 7.0.0 are vulnerable to a sandbox escape due to improper caching of type accessors in `TemplateContext`, leading to a `MemberFilter` bypass when a `TemplateContext` is reused, potentially exposing sensitive data.
Scriban `object.to_json` Uncontrolled Recursion DoS
2 rules 1 TTPThe Scriban library is vulnerable to a denial-of-service attack where a specially crafted template with a self-referencing object passed to the `object.to_json` function causes unbounded recursion, leading to a `StackOverflowException` that terminates the .NET process.
Scriban TemplateContext Reset Authorization Bypass Vulnerability
2 rules 1 TTPScriban versions before 7.0.0 have an authorization bypass vulnerability due to a stale include cache surviving TemplateContext.Reset(), potentially serving previously authorized content to subsequent renders in applications reusing TemplateContext objects with request-dependent ITemplateLoaders.