How severe is GHSA-m2p3-hwv5-xpqw?

GHSA-m2p3-hwv5-xpqw has a CVSS score of 6.5/10, rated MEDIUM. Review your exposure and patch according to your risk tolerance.

Which packages are affected by GHSA-m2p3-hwv5-xpqw?

GHSA-m2p3-hwv5-xpqw affects the following packages: Scriban (NuGet). Ecosystems affected: NuGet.

How do I fix GHSA-m2p3-hwv5-xpqw?

Update Scriban to 7.0.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-m2p3-hwv5-xpqw is resolved across your whole dependency graph.

How do I detect GHSA-m2p3-hwv5-xpqw in my NuGet dependencies?

Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for Scriban. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

How do I mitigate GHSA-m2p3-hwv5-xpqw if there is no patch (or I can't update yet)?

If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

How does O3 Security protect against GHSA-m2p3-hwv5-xpqw?

O3 pinpoints whether GHSA-m2p3-hwv5-xpqw is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Is GHSA-m2p3-hwv5-xpqw actively exploited in the wild?

No public exploit code has been indexed for GHSA-m2p3-hwv5-xpqw yet. This does not mean the vulnerability cannot be exploited — absence of public exploits does not imply safety. Apply the recommended fix and use O3 Security to monitor your exposure.

When was GHSA-m2p3-hwv5-xpqw published, and has it been updated?

GHSA-m2p3-hwv5-xpqw was published on March 24, 2026 and was last updated on March 24, 2026. Advisory data evolves as severity scores, affected ranges, and exploit intelligence are revised — always check the latest version of the advisory before acting.

.NET NuGet

GHSA-m2p3-hwv5-xpqw

MEDIUM

Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString

Published

Mar 24, 2026

Updated

Mar 24, 2026

Affected

1 pkg

Patched

1 / 1

Exploits

None indexed

Blast Radius

1 pkg affected

.NETScriban

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects NuGet packages — download data is not available via public APIs for these ecosystems.

Description

Summary

The LimitToString safety limit (default 1MB since commit b5ac4bf) can be bypassed to allocate approximately 1GB of memory by exploiting the per-call reset of _currentToStringLength in ObjectToString. Each template expression rendered through TemplateContext.Write(SourceSpan, object) triggers a separate top-level ObjectToString call that resets the length counter to zero, and the underlying StringBuilderOutput has no cumulative output size limit. An attacker who can supply a template can cause an out-of-memory condition in the host application.

Details

The root cause is in TemplateContext.Helpers.cs, in the ObjectToString method:

// src/Scriban/TemplateContext.Helpers.cs:89-111
public virtual string ObjectToString(object value, bool nested = false)
{
    if (_objectToStringLevel == 0)
    {
        _currentToStringLength = 0;  // <-- resets on every top-level call
    }
    try
    {
        _objectToStringLevel++;
        // ...
        var result = ObjectToStringImpl(value, nested);
        if (LimitToString > 0 && _objectToStringLevel == 1 && result != null && result.Length >= LimitToString)
        {
            return result + "...";
        }
        return result;
    }
    // ...
}

Each time a template expression is rendered, TemplateContext.Write(SourceSpan, object) calls ObjectToString:

// src/Scriban/TemplateContext.cs:693-701
public virtual TemplateContext Write(SourceSpan span, object textAsObject)
{
    if (textAsObject != null)
    {
        var text = ObjectToString(textAsObject);  // fresh _currentToStringLength = 0
        Write(text);
    }
    return this;
}

The StringBuilderOutput.Write method appends unconditionally with no size check:

// src/Scriban/Runtime/StringBuilderOutput.cs:47-50
public void Write(string text, int offset, int count)
{
    Builder.Append(text, offset, count);  // no cumulative limit
}

Execution flow:

Template creates a string of length 1,048,575 (one byte under the 1MB LimitToString default)
A for loop iterates up to LoopLimit (default 1000) times
Each iteration renders the string via Write(span, x) → ObjectToString(x)
ObjectToString resets _currentToStringLength = 0 since _objectToStringLevel == 0
The string passes the LimitToString check (1,048,575 < 1,048,576)
Full string is appended to StringBuilder — no cumulative tracking
After 1000 iterations: ~1GB allocated in-memory

PoC

using Scriban;

// Uses only default TemplateContext settings (LoopLimit=1000, LimitToString=1048576)
var template = Template.Parse("{{ x = \"\" | string.pad_left 1048575 }}{{ for i in 1..1000 }}{{ x }}{{ end }}");
// This will allocate ~1GB in the StringBuilder, likely causing OOM
var result = template.Render();

Equivalent Scriban template:

{{ x = "" | string.pad_left 1048575 }}{{ for i in 1..1000 }}{{ x }}{{ end }}

Each of the 1000 loop iterations outputs a 1,048,575-character string. Each passes the per-call LimitToString check independently. Total output: ~1,000,000,000 characters (~1GB) allocated in the StringBuilder.

Impact

Denial of Service: An attacker who can supply Scriban templates (common in CMS, email templating, report generation) can crash the host application via out-of-memory
Process-level impact: OOM kills the entire .NET process, not just the template rendering — affects all concurrent users
Bypass of safety mechanism: The LimitToString limit was specifically introduced to prevent resource exhaustion, but the per-call reset makes it ineffective against cumulative abuse
Low complexity: The exploit template is trivial — a single line

Recommended Fix

Add a cumulative output size counter to TemplateContext that tracks total bytes written across all Write calls, independent of the per-object LimitToString:

// In TemplateContext.cs — add new property and field
private long _totalOutputLength;

/// <summary>
/// Gets or sets the maximum total output length in characters. Default is 10485760 (10 MB). 0 means no limit.
/// </summary>
public int OutputLimit { get; set; } = 10485760;

// In TemplateContext.Write(string, int, int) — add check before writing
public TemplateContext Write(string text, int startIndex, int count)
{
    if (text != null)
    {
        if (OutputLimit > 0)
        {
            _totalOutputLength += count;
            if (_totalOutputLength > OutputLimit)
            {
                throw new ScriptRuntimeException(CurrentSpan, 
                    $"The output limit of {OutputLimit} characters was reached.");
            }
        }
        // ... existing indent/write logic
    }
    return this;
}

This provides defense-in-depth: LimitToString caps individual object serialization, while OutputLimit caps total template output.

Affected Packages

1 total 1 fixed

Ecosystem	Package	Vulnerable range	Fix
.NETNuGet	`Scriban`	all versions	7.0.0

Detection & mitigation playbook

Open-source dependency

Detect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for Scriban. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update Scriban to 7.0.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-m2p3-hwv5-xpqw is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-m2p3-hwv5-xpqw is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-m2p3-hwv5-xpqw. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

## Summary The `LimitToString` safety limit (default 1MB since commit `b5ac4bf`) can be bypassed to allocate approximately 1GB of memory by exploiting the per-call reset of `_currentToStringLength` in `ObjectToString`. Each template expression rendered through `TemplateContext.Write(SourceSpan, object)` triggers a separate top-level `ObjectToString` call that resets the length counter to zero, and the underlying `StringBuilderOutput` has no cumulative output size limit. An attacker who can supply a template can cause an out-of-memory condition in the host application. ## Details The root ca

O3 Security · Impact-Aware SCA

Is GHSA-m2p3-hwv5-xpqw in your dependencies?

O3 detects GHSA-m2p3-hwv5-xpqw across NuGet dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works