GHSA-XW6W-9JJH-P9CR: Multiple Denial-of-Service Vulnerabilities in Scriban Templating Engine
Vulnerability ID: GHSA-XW6W-9JJH-P9CR
CVSS Score: 6.5
Published: 2026-03-24
The Scriban .NET templating engine versions prior to 7.0.0 contain three distinct denial-of-service vulnerabilities. These flaws arise from improper enforcement of resource limits during expression evaluation, specifically concerning string multiplication, bitwise shifts, and range enumerations. An attacker with template authoring privileges can exploit these vectors to trigger OutOfMemoryException or CPU exhaustion, resulting in abrupt application termination or degraded performance.
TL;DR
Scriban versions before 7.0.0 are vulnerable to Denial of Service via unbounded resource consumption. Unauthenticated or low-privileged users can crash the host application by providing crafted template expressions that bypass configured string length and loop limits.
⚠️ Exploit Status: POC
Technical Details
- Vulnerability Type: Denial of Service (DoS)
- CWE ID: CWE-400, CWE-770, CWE-834
- CVSS v3.1 Score: 6.5 Medium
- Attack Vector: Network (Remote)
- Privileges Required: Low
- User Interaction: None
- Exploit Status: Proof of Concept available
Affected Systems
- Applications utilizing the Scriban templating engine (NuGet package: Scriban)
- Scriban: >= 0.1.0, < 7.0.0 (fixed in 7.0.0)
Exploit Details
- GitHub Advisory: Proof of Concept demonstrating the three resource exhaustion vectors.
Mitigation Strategies
- Upgrade the Scriban NuGet package to version 7.0.0.
- Restrict template generation and submission to highly trusted users.
- Implement regex-based sanitization to filter out malicious operators prior to parsing.
Remediation Steps
- Identify all projects within the solution referencing the Scriban NuGet package.
- Update the package reference for Scriban to >= 7.0.0 in the .csproj files.
- Rebuild and execute unit tests to ensure compatibility with version 7.0.0.
- Deploy the updated application to staging and production environments.
- If unable to update, implement an interceptor that drops templates matching the regex pattern for <<, *, or .. before calling Template.Parse().
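As an added example (not code from the advisory or from the Scriban project), this is one way to build the interceptor the last step describes: a gate that rejects templates carrying <<, * or .. before Template.Parse() runs, and that keeps the engine's LoopLimit and RecursiveLimit explicit as a second layer. The TemplateGate class, its method names and the sample templates are assumptions; Template, TemplateContext and ScriptObject are Scriban's own public types.

```csharp
using System;
using System.Text.RegularExpressions;
using Scriban;
using Scriban.Runtime;

// Added example, not code from the advisory or from the Scriban project.
// Assumes the Scriban NuGet package is referenced; TemplateGate and its
// method names are hypothetical.
public static class TemplateGate
{
    // The three operators the advisory names as resource-exhaustion vectors:
    // "<<" (bitwise shift), "*" (string multiplication) and ".." (range enumeration).
    // The match is deliberately coarse: it also rejects ordinary multiplication and
    // ranges, which is the price of a stopgap that runs before the parser.
    private static readonly Regex BlockedOperators =
        new Regex(@"<<|\*|\.\.", RegexOptions.Compiled | RegexOptions.CultureInvariant);

    public static bool ContainsBlockedOperator(string source)
        => source != null && BlockedOperators.IsMatch(source);

    // Parses only after the gate has passed, so Template.Parse never sees a
    // template that carries one of the blocked operators.
    public static Template ParseGuarded(string source)
    {
        if (ContainsBlockedOperator(source))
            throw new InvalidOperationException(
                "Template rejected: contains a blocked operator (<<, * or ..).");

        var template = Template.Parse(source);
        if (template.HasErrors)
            throw new InvalidOperationException(
                "Template rejected: " + string.Join("; ", template.Messages));
        return template;
    }

    // Renders with the engine's own limits stated explicitly. The advisory says the
    // three vectors bypass these limits on versions below 7.0.0, so this is a second
    // layer behind the gate and the upgrade, not a replacement for either.
    public static string RenderGuarded(string source, object model)
    {
        var template = ParseGuarded(source);

        var globals = new ScriptObject();
        globals.Import(model);

        var context = new TemplateContext
        {
            LoopLimit = 1000,      // Scriban's documented default, made explicit
            RecursiveLimit = 100,  // likewise
        };
        context.PushGlobal(globals);
        return template.Render(context);
    }

    public static void Main()
    {
        // Constructed sample model and templates for the demonstration.
        var model = new { name = "world", count = 3 };

        Console.WriteLine(RenderGuarded("Hello {{ name }}!", model));

        var rejected = new[]
        {
            "{{ count * 2 }}",                        // ordinary arithmetic is caught too
            "{{ for i in 1..count }}{{ i }}{{ end }}", // range enumeration
            "{{ count << 1 }}",                       // shift
        };
        foreach (var source in rejected)
        {
            try
            {
                RenderGuarded(source, model);
            }
            catch (InvalidOperationException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }
    }
}
```

The gate is intentionally a blocklist on raw source text, so it also refuses legitimate multiplication, ranges and shifts, and it refuses the operators inside string literals. That makes it a stopgap for the window before the upgrade to 7.0.0, not a permanent control; once on 7.0.0, the engine's own limit enforcement is the fix and the gate can be retired.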