CVE-2021-40219

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-40219

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40219.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-40219

Aliases

GHSA-gprh-7767-cw39

Published

2022-04-11T17:15:08Z

Modified

2024-05-14T10:42:22.814482Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.

References

Affected packages

Git / github.com/bolt/core

Affected ranges

Type: GIT
Repo: https://github.com/bolt/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

89dd040b440434e60bee9001ca69fa262dce061c

Affected versions

1.*

1.0.0-alpha1

4.*

4.0.0

4.0.0-alpha3

4.0.0-beta.1

4.0.0-beta.1.1

4.0.0-beta.1.2

4.0.0-beta.1.3

4.0.0-beta.1.4

4.0.0-beta.1.5

4.0.0-beta.1.6

4.0.0-beta.1.7

4.0.0-beta.1.8

4.0.0-beta.2

4.0.0-beta.2.1

4.0.0-beta.2.10

4.0.0-beta.2.2

4.0.0-beta.2.3

4.0.0-beta.2.4

4.0.0-beta.2.5

4.0.0-beta.2.6

4.0.0-beta.2.7

4.0.0-beta.2.8

4.0.0-beta.2.9

4.0.0-beta.3

4.0.0-beta.3.1

4.0.0-beta.3.2

4.0.0-beta.3.3

4.0.0-beta.3.4

4.0.0-beta.3.5

4.0.0-beta.3.6

4.0.0-beta.3.7

4.0.0-beta.3.8

4.0.0-beta.4

4.0.0-beta.4.1

4.0.0-beta.4.2

4.0.0-beta.4.3

4.0.0-beta.4.4

4.0.0-beta.4.5

4.0.0-beta.4.6

4.0.0-beta.5

4.0.0-beta.5.1

4.0.0-beta.5.2

4.0.0-beta.5.3

4.0.0-beta.5.4

4.0.0-beta.5.5

4.0.0-beta.5.6

4.0.0-beta.5.7

4.0.0-beta.5.8

4.0.0-beta.5.9

4.0.0-rc.1

4.0.0-rc.10

4.0.0-rc.11

4.0.0-rc.12

4.0.0-rc.13

4.0.0-rc.14

4.0.0-rc.15

4.0.0-rc.16

4.0.0-rc.17

4.0.0-rc.18

4.0.0-rc.19

4.0.0-rc.2

4.0.0-rc.20

4.0.0-rc.21

4.0.0-rc.22

4.0.0-rc.23

4.0.0-rc.24

4.0.0-rc.25

4.0.0-rc.26

4.0.0-rc.27

4.0.0-rc.28

4.0.0-rc.29

4.0.0-rc.3

4.0.0-rc.31

4.0.0-rc.32

4.0.0-rc.33

4.0.0-rc.34

4.0.0-rc.35

4.0.0-rc.37

4.0.0-rc.39

4.0.0-rc.4

4.0.0-rc.40

4.0.0-rc.41

4.0.0-rc.42

4.0.0-rc.43

4.0.0-rc.44

4.0.0-rc.5

4.0.0-rc.6

4.0.0-rc.7

4.0.0-rc.8

4.0.0-rc.9

4.0.1

4.1.0

4.1.10

4.1.11

4.1.12

4.1.13

4.1.14

4.1.15

4.1.16

4.1.17

4.1.18

4.1.19

4.1.2

4.1.20

4.1.21

4.1.21.1

4.1.22

4.1.23

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.7.1

4.1.8

4.1.9

4.2.0

4.2.0-beta.10

4.2.0-beta.11

4.2.0-beta.12

4.2.0-beta.13

4.2.0-beta.14

4.2.0-beta.7

4.2.0-beta.7.1

4.2.0-beta.7.2

4.2.0-beta.8

4.2.0-beta.8.1

4.2.0-beta.8.2

4.2.0-beta.8.3

4.2.0-beta.9

4.2.0-rc.1