Server-Side Template Injection in Sprout Forms Notification Emails

Server-Side Template Injection in Sprout Forms Notification Emails

CVE-2020-11056 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.

Learn more about our Cis Benchmark Audit For Server Software.