Code injection in RazorEngine

GHSA-ph3v-2hq5-5qfq · CVE-2021-46703

Published Mar 7, 2022 · Modified Mar 26, 2025

Description

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-46703
WEB https://github.com/Antaris/RazorEngine/issues/585
PACKAGE https://github.com/Antaris/RazorEngine

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes