Document Merge Service
Approved changes feed: RSS · Atom
cpe:2.3:a:adfinis:document-merge-service:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Adfinis (1a0b6fe0-683c-56c2-ae10-f0ec36b5aed2) |
|---|---|
| Product | Document Merge Service (45aa0edc-268f-5969-b74c-73845008283a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-37301 |
vulnerable | 2026-06-03 14:56:06.270762 |
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
HIGH (7.2)
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.
Published: 2024-06-11T18:34:38.374Z
Updated: 2026-02-04T19:40:11.164Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.