What is CVE-2023-34252?

CVE-2023-34252 is a logic flaw vulnerability in the Grav file-based Web platform, specifically in the `GravExtension.filterFilter()` function.

What is the severity of CVE-2023-34252?

The severity of CVE-2023-34252 is high, with a severity value of 7.2.

How does CVE-2023-34252 affect the software?

CVE-2023-34252 affects the Grav Web platform prior to version 1.7.42.

How can CVE-2023-34252 be fixed?

To fix CVE-2023-34252, users are advised to update to version 1.7.42 or later of the Grav Web platform.

Vulnerability/
CVE-2023-34252

high

8.8

CWE

94 1336 184

14/6/2023

18/12/2024

CVE-2023-34252: Grav Server-side Template Injection via Insufficient Validation in filterFilter

Q: How does CVE-2023-34252 work?

CVE-2023-34252 is a logic flaw whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string, allowing an array to be passed as a callable argument.

First published: Wed Jun 14 2023(Updated: )

Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument allows the validation check to be skipped. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. The vulnerability can be found in the `GravExtension.filterFilter()` function declared in `/system/src/Grav/Common/Twig/Extension/GravExtension.php`. Version 1.7.42 contains a patch for this issue. End users should also ensure that `twig.undefined_functions` and `twig.undefined_filters` properties in `/path/to/webroot/system/config/system.yaml` configuration file are set to `false` to disallow Twig from treating undefined filters/functions as PHP functions and executing them.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Getgrav Grav	<1.7.42

Remedy

https://github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-34252?
CVE-2023-34252 is a logic flaw vulnerability in the Grav file-based Web platform, specifically in the `GravExtension.filterFilter()` function.
What is the severity of CVE-2023-34252?
The severity of CVE-2023-34252 is high, with a severity value of 7.2.
How does CVE-2023-34252 affect the software?
CVE-2023-34252 affects the Grav Web platform prior to version 1.7.42.
How does CVE-2023-34252 work?
CVE-2023-34252 is a logic flaw whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string, allowing an array to be passed as a callable argument.
How can CVE-2023-34252 be fixed?
To fix CVE-2023-34252, users are advised to update to version 1.7.42 or later of the Grav Web platform.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/severity
agent/last-modified-date
agent/author
agent/remedy
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/getgrav
canonical/getgrav grav

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.