How severe is CVE-2021-4315?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-4315?

This is classified as CWE-1336, which is a common weakness in software security.

CVE-2021-4315 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.

Related Vulnerabilities

CVE-2023-27995

HIGH

CVSS:8.8(High)

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a...

CWE-13362023

CVE-2024-30372

HIGH

CVSS:8.8(High)

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authe...

CWE-13362024

CVE-2024-46366

HIGH

CVSS:8.8(High)

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead...

CWE-13362024

CVE-2024-52427

HIGH

CVSS:8.8(High)

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Even...

CWE-13362024

CVE-2024-6386

HIGH

CVSS:8.8(High)

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation a...

CWE-13362024

CVE-2022-0944

CRITICAL

CVSS:9.1(Critical)

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.

CWE-13362022