CVE-2022-40634

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-40634

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40634.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-40634

Aliases

GHSA-2jv3-v37p-65w3

Published

2022-09-13T19:15:13.350Z

Modified

2026-03-14T11:53:34.876578Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

References

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601

Affected packages

Git / github.com/craftercms/craftercms

Affected ranges

Type

GIT

Repo

https://github.com/craftercms/craftercms

Events

Introduced

8b4368c37a3ccdddbd37c1dd915d8352b3c6f1ef

Fixed

0c21190335660cda36b20218682b90a88019f81e

Database specific

{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.23"
        }
    ]
}

Affected versions

v3.*

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.12

v3.1.14

v3.1.15

v3.1.16

v3.1.17

v3.1.18

v3.1.19

v3.1.20

v3.1.21

v3.1.22

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40634.json"