CVE-2023-43661

Published: Oct 11, 2023Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.

Affected (1)

Products: All Three: Cachet

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
All Three Cachet	Before 2.4

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587

Source: security-advisories@github.com

Patch

https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p

Source: security-advisories@github.com

ExploitMitigationVendor Advisory

https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationVendor Advisory

Timeline

No history available yet.