A critical vulnerability has been discovered in HubSpot's Jinjava template engine, earning a maximum severity score and placing thousands of websites at risk. The flaw allows attackers to bypass the engine's security sandbox, enabling remote code execution, unauthorized file access, and server-side request forgery attacks. Malicious actors can exploit a deserialization weakness to instantiate arbitrary classes without triggering security protections. Successful exploitation could lead to a complete system compromise, depending on the target environment. HubSpot has released a patch in version 2.8.1 and strongly urges all users to upgrade immediately to mitigate the threat.
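An added example, not part of the original report and not HubSpot's code: a check that flags Jinjava dependencies declared below the fixed 2.8.1 release in a Maven `pom.xml`. It uses Jinjava's Maven coordinates `com.hubspot.jinjava:jinjava`; the sample POM, its 2.7.4 version and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 8, 1)                            # patched release named in the text above
COORDS = ("com.hubspot.jinjava", "jinjava")  # Jinjava's Maven groupId / artifactId

# Constructed sample POM (not from any real project); the version sits in a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jinjava.version>2.7.4</jinjava.version></properties>
  <dependencies><dependency>
    <groupId>com.hubspot.jinjava</groupId><artifactId>jinjava</artifactId>
    <version>${jinjava.version}</version>
  </dependency></dependencies>
</project>"""

def classify(version_text):
    """Map a declared version string to 'vulnerable', 'patched' or 'unknown'."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(.*)", version_text)
    if not m:
        return "unknown"                     # missing, or an unresolved ${property}
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (len(FIXED) - len(nums))  # treat 2.8 as 2.8.0
    if nums < FIXED:
        return "vulnerable"
    # A qualifier on exactly the fixed version (e.g. -SNAPSHOT) may predate the fix.
    return "unknown" if nums == FIXED and m.group(2) else "patched"

def audit_pom(pom_xml):
    """Return [(declared, resolved, status)] for every Jinjava dependency in a POM."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]    # drop the Maven XML namespace
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    results = []
    for dep in root.iter("dependency"):
        ga = tuple((dep.findtext(t) or "").strip() for t in ("groupId", "artifactId"))
        if ga != COORDS:
            continue
        declared = (dep.findtext("version") or "").strip()
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), declared)
        results.append((declared, resolved, classify(resolved)))
    return results

if __name__ == "__main__":
    for declared, resolved, status in audit_pom(SAMPLE_POM):
        print(f"jinjava {declared!r} -> {resolved!r}: {status}")
```

Versions inherited from a parent POM or BOM, and Jinjava pulled in transitively, come back as `unknown` or not at all; confirm those against the build tool's resolved dependency tree.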
Latest mentioned: 09-19
Earliest mentioned: 09-19