Hubspot Jinjava vulnerabilities
4 known vulnerabilities affecting hubspot/jinjava.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-59340P2CRITICALCVSS 10.0fixed in 2.8.12025-09-17
CVE-2025-59340 [CRITICAL] CWE-1336 CVE-2025-59340: jinjava is a Java-based template engine based on django template syntax, adapted to render jinja tem
jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Priori to 2.8.1, by using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes. This enables the creation of semi-arbitrary
nvd
CVE-2026-25526P2CRITICALCVSS 9.8fixed in 2.7.6≥ 2.8.0, < 2.8.3+1 more2026-02-04
CVE-2026-25526 [CRITICAL] CWE-1336 CVE-2026-25526: JinJava is a Java-based template engine based on django template syntax, adapted to render jinja tem
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing built-in sandbox restrictions. This issue has been patc
nvd
CVE-2020-12668P3MEDIUMCVSS 6.5fixed in 2.5.42021-02-19
CVE-2020-12668 [MEDIUM] CWE-863 CVE-2020-12668: Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed int
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
nvd
CVE-2018-18893P4MEDIUMCVSS 5.3fixed in 2.4.62019-01-03
CVE-2018-18893 [MEDIUM] CVE-2018-18893: Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/Jinja
Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.
nvd