Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-5qxq-vgmm-q39m

GitHub Security Advisory

RCE vulnerability in Pimcore/Mail & Dynamic Text Layout

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

### Impact
The user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template Injection RCE.

### Patches
Update to version 10.5.9 or apply this patch manually https://github.com/pimcore/pimcore/pull/13347.patch

### Workarounds
Apply https://github.com/pimcore/pimcore/pull/13347.patch manually.

### References
Credits: @nth347 from Viettel Cyber Security

Affected Packages

Packagist pimcore/pimcore
Affected versions: 0 (fixed in 10.5.9)

Related CVEs

CVE-2022-39365

Key Information

GHSA ID
GHSA-5qxq-vgmm-q39m
Published
October 29, 2022 12:29 AM
Last Modified
October 29, 2022 12:29 AM
CVSS Score
9.0 /10
Primary Ecosystem
Packagist
Primary Package
pimcore/pimcore
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.