Protection Mechanism Failure

CVE-2021-46433

High

10/10

Summary

In fenom there is a way in fenom/src/Fenom/Template.php function getTemplateCode() to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-693 - Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

Advisory
Issue

Advisory Timeline

Published Mar 28, 2022

Protection Mechanism Failure

CVE-2021-46433

Summary

CWE-693 - Protection Mechanism Failure

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS