An Introduction to Secure Coding with Template Engines

6 January 2024

Back in 2022 while browsing through lists of recently disclosed vulnerabilities, I happened upon some Adobe Commerce/Magento Open Source vulnerabilities [1], that were reported to be exploited in the wild and can be exploited to achieve remote code execution, a combination which always motivates me to take a quick look at the vulnerability. Adobe provided a simple patch file that effectively removes {{ and }} characters when encountered in input provided to two specific components and it is reasonable to assume that the vulnerability involves Magento’s built-in templating system.

Source: Veracode

Date:

6 January 2024

Categorie(s):

NEWS

Tag(s):

Engines, Introduction, IT, Secure Coding, Templates

How MFA can improve your online security6 May 2024
Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks6 May 2024
eBook: CISSP fundamentals in focus6 May 2024
These top cybersecurity firms are vital defenders against evolving digital threats in 20246 May 2024
Celebrating our 12th Anniversary at RSA conference 20245 May 2024