DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-7JVP-HJ45-2F2M: GHSA-7jvp-hj45-2f2m: Scriban Template Writes to Arbitrary CLR Properties via TypedObjectAccessor

GHSA-7jvp-hj45-2f2m: Scriban Template Writes to Arbitrary CLR Properties via TypedObjectAccessor

Vulnerability ID: GHSA-7JVP-HJ45-2F2M
CVSS Score: 7.7
Published: 2026-07-06

An improper access control and mass assignment vulnerability in Scriban allows templates to write to arbitrary, restricted CLR properties (including private, internal, and init-only properties) of context-bound objects, causing unexpected state mutations on the host application heap.

TL;DR

Scriban dynamically resolves and modifies restricted C# object properties (private, internal, init) within templates, bypassing language-level access controls and enabling mass assignment attacks.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-284, CWE-915
  • Attack Vector: Network / Context Template Injection
  • CVSS v4 Score: 7.7
  • Exploit Status: poc
  • CISA KEV Status: Not Listed
  • Impact: Improper Access Control / State Mutation

Affected Systems

  • Scriban Template Engine
  • Scriban: <= 7.2.1 (Fixed in: 7.2.2)

Mitigation Strategies

  • Upgrade Scriban NuGet package to version 7.2.2 or later
  • Implement a strict, custom MemberFilter to restrict write operations
  • Avoid binding untrusted or multi-use CLR objects directly to the template context

Remediation Steps:

  1. Identify all applications using Scriban <= 7.2.1
  2. Update the package reference in .csproj to 7.2.2
  3. Verify all Custom MemberFilters are configured correctly
  4. Audit templates for assignments targeting internal fields

References


Read the full report for GHSA-7JVP-HJ45-2F2M on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)