CVE-2020-9757
- Source
- https://cve.org/CVERecord?id=CVE-2020-9757
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9757.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-9757
- Aliases
- Published
- 2020-03-04T17:15:12.157Z
- Modified
- 2026-04-10T04:28:49.386145Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
- References
-
- https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
- https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
- https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
- https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
Affected packages
Git / github.com/craftcms/cms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/craftcms/cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "3.3.0" } ] }
- Type
- GIT
- Repo
- https://github.com/nystudio107/craft-seomatic
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.9.2063
0.9.2064
0.9.2065
0.9.2068
0.9.2071
0.9.2078
0.9.2079
0.9.2080
0.9.2081
0.9.2083
0.9.2090
0.9.2094
0.9.2100
0.9.2101
0.9.2102
0.9.2103
0.9.2106
0.9.2116
0.9.2117
0.9.2123
0.9.2124
0.9.2146
0.9.2151
0.9.2157
0.9.2167
0.9.2168
0.9.2177
0.9.2181
0.9.2184
0.9.2189
0.9.2193
0.9.2243
0.9.2246
1.*
1.0.0-alpha.2236
1.0.0-alpha.2237
1.0.0-alpha.2238
1.0.0-alpha.2241
1.0.0-alpha.2242
1.0.0-alpha.2244
1.0.0-alpha.2245
1.0.0-alpha.2247
1.0.0-alpha.2248
1.0.0-alpha.2249
1.0.2266
1.1.0-alpha.2283
1.1.0-alpha.2284
1.1.0-alpha.2285
1.1.0-alpha.2288
1.1.2291
1.2.0-alpha.2310
1.2.0-alpha.2312
1.2.0-alpha.2318
1.2.0-alpha.2319
1.2.0-alpha.2322
1.2.0-alpha.2328
1.2.0-alpha.2329
1.2.2333
1.2.2335
1.2.2336
1.2.2339
1.4.0-alpha.2488
1.4.0-alpha.2489
1.4.0-alpha.2490
1.4.0-alpha.2491
1.4.0-alpha.2492
1.4.0-alpha.2493
1.4.0-alpha.2497
1.4.0-alpha.2498
1.4.0-alpha.2499
1.4.0-alpha.2500
1.4.0-alpha.2502
1.4.0-alpha.2503
1.4.0-alpha.2505
1.4.0-alpha.2509
2.*
2.0.2524
2.0.2525
2.0.2527
2.0.2532
2.0.2533
2.0.2535
2.0.2536
2.0.2537
2.0.2538
2.0.2539
2.1.0-alpha.2546
2.1.0-alpha.2547
2.1.0-alpha.2552
2.1.2554
2.1.2555
2.1.2556
2.1.2557
2.2.0-alpha.2578
2.2.2579
2.2.2581
2.3.0-alpha.2600
2.3.0-alpha.2602
2.3.0-alpha.2603
2.3.0-alpha.2605
2.3.0-alpha.2606
2.3.0-alpha.2608
2.3.0-alpha.2610
2.3.0-alpha.2612
2.3.2615
2.3.2616
2.3.2617
3.*
3.0.0-RC10.1
3.0.0-alpha.2671
3.0.0-alpha.2681
3.0.0-alpha.2687
3.0.0-alpha.2915
3.0.0-alpha.2918
3.0.0-alpha.2928
3.0.0-alpha.2933
3.0.0-alpha.2937
3.0.0-alpha.2939
3.0.0-alpha.2942
3.0.0-alpha.2948
3.0.0-beta.1
3.0.23
3.0.26
3.0.26.1
3.0.27
3.0.27.1
3.0.28
3.0.29
3.0.30
3.0.30.1
3.0.30.2
3.0.31
3.0.32
3.0.33
3.0.34
3.0.35
3.0.36
3.0.37
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.17.1
3.1.17.2
3.1.18
3.1.19
3.1.2
3.1.2.1
3.1.2.2
3.1.20
3.1.20.1
3.1.21
3.1.21.1
3.1.22
3.1.23
3.1.24
3.1.25
3.1.26
3.1.27
3.1.28
3.1.29
3.1.3
3.1.30
3.1.31
3.1.32
3.1.32.1
3.1.33
3.1.34
3.1.4
3.1.5
3.1.6
3.1.6.1
3.1.7
3.1.8
3.1.9
3.1.9.1
3.2.0
3.2.1
3.2.10
3.2.2
3.2.3
3.2.4
3.2.4.1
3.2.5
3.2.5.1
3.2.6
3.2.7
3.2.8
3.2.9