Genshi
Monthly
Server-side template injection in Edgewall's Genshi template engine (versions 0 through 0.7.9) lets a remote attacker reach the expression-evaluation component and run arbitrary Python code on the host. Because Genshi evaluates template expressions as Python, any application that feeds attacker-controlled input into a Genshi expression can be driven to full remote code execution. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list; EPSS data was not provided.
Server-side template injection in Edgewall's Genshi template engine (versions 0 through 0.7.9) lets a remote attacker reach the expression-evaluation component and run arbitrary Python code on the host. Because Genshi evaluates template expressions as Python, any application that feeds attacker-controlled input into a Genshi expression can be driven to full remote code execution. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list; EPSS data was not provided.