Impact
This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates.
Patches
The identified vulnerability has been remedied in fix #2509 and will be included in versions released after 2.1.3. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability.
Workarounds
A temporary workaround involves filtering underscores before incorporating user input into the message template.
References
Impact
This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize
MessageTemplateand incorporate user-provided data into templates.Patches
The identified vulnerability has been remedied in fix #2509 and will be included in versions released after 2.1.3. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability.
Workarounds
A temporary workaround involves filtering underscores before incorporating user input into the message template.
References