Code execution through server-side template injection
Information
Advisory ID: DSA-2022-004
CVSS String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Base Score: 8.8 (High)
CWE classification: CWE-1336
Summary
In Dataiku DSS before 10.0.6, insufficient sanitization of custom email templates could allow an authenticated attacker to perform code execution.
Affected Products
Dataiku DSS before 10.0.6
Fix
Dataiku DSS 10.0.6 has been made available to customers to remediate this issue.