Description

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.

INFO

Published Date :

2024-06-11T18:34:38.374Z

Last Modified :

2026-02-04T19:40:11.164Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-37301 vulnerability.

Vendors Products
Adfinis
  • Document Merge Service
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-37301.

URL Resource
https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074 cve-icon cve-icon
https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact