Skip to content
Threat Feed

Tag

Scriban

4 briefs RSS
critical advisory

Scriban TemplateContext MemberFilter Bypass Vulnerability

Scriban versions before 7.0.0 are vulnerable to a sandbox escape due to improper caching of type accessors in `TemplateContext`, leading to a `MemberFilter` bypass when a `TemplateContext` is reused, potentially exposing sensitive data.

Scriban sandbox-escape memberfilter-bypass
2r 1t
high advisory

Scriban `object.to_json` Uncontrolled Recursion DoS

The Scriban library is vulnerable to a denial-of-service attack where a specially crafted template with a self-referencing object passed to the `object.to_json` function causes unbounded recursion, leading to a `StackOverflowException` that terminates the .NET process.

Scriban denial-of-service .net
2r 1t
high advisory

Scriban Template Engine LoopLimit Bypass Vulnerability

Scriban's LoopLimit can be bypassed by crafted template expressions, allowing attackers to perform resource exhaustion through CPU or memory amplification, leading to denial of service.

Scriban Template Engine scriban dos template-injection
2r 1t
high advisory

Scriban TemplateContext Reset Authorization Bypass Vulnerability

Scriban versions before 7.0.0 have an authorization bypass vulnerability due to a stale include cache surviving TemplateContext.Reset(), potentially serving previously authorized content to subsequent renders in applications reusing TemplateContext objects with request-dependent ITemplateLoaders.

Scriban template-injection authorization-bypass
2r 1t