Vulnerability Name
Classifications
Severity
Server-Side Template Injection (Java FreeMarker)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Server-Side Template Injection (Java Pebble)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Server-Side Template Injection (Java Velocity)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Server-Side Template Injection (JinJava)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Server-Side Template Injection (Node.js Dot)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Server-Side Template Injection (Node.js EJS)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Critical
Server-Side Template Injection (Ruby ERB)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Blind MongoDB Injection
PCI v3.2-6.5.1, CWE-943, HIPAA-164.306(a), 164.308(a), OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
High
Boolean Based MongoDB Injection
PCI v3.2-6.5.1, CWE-943, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
High
Error-Based MongoDB Injection
PCI v3.2-6.5.1, CWE-943, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
High
Expression Language Injection
PCI v3.2-6.5.1, CWE-20, HIPAA-164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
High
MongoDB Operator Injection
PCI v3.2-6.5.1, CWE-943, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
High