Closed
Description
In the template evaluation, closures are evaluated based on whether a value is callable within the current scope.
In theory, one could create a multi-step attack by storing particular values into the database that are known to be eventually rendered by the template engine. would the value of such a key happen to be a callable, one could execute global or local functions & methods. While it is unclear how one could use this to exploit neoan3, this constitutes a security concern.