What is CVE-2023-34448?

CVE-2023-34448 is a high-severity vulnerability in Getgrav Grav, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2023-06-14.

How severe is CVE-2023-34448?

High severity. CVSS v3 base score is 8.8 out of 10.

Improper input validation in Getgrav Grav

CVE-2023-34448

Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.088 (92.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Getgrav Grav — versions < 1.7.42

Weakness classification (CWE)

References

https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8 (x_refsource_CONFIRM)
https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8 (x_refsource_MISC)
https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148 (x_refsource_MISC)
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/ (x_refsource_MISC)
https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-34448?: CVE-2023-34448 is a high-severity vulnerability in Getgrav Grav, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2023-06-14.
How severe is CVE-2023-34448?: High severity. CVSS v3 base score is 8.8 out of 10.