GHSA-2jv3-v37p-65w3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2jv3-v37p-65w3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-2jv3-v37p-65w3/GHSA-2jv3-v37p-65w3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2jv3-v37p-65w3
- Aliases
- Published
- 2022-09-14T00:00:45Z
- Modified
- 2024-02-16T08:14:16.395251Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
- Details
-
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
- Database specific
{ "nvd_published_at": "2022-09-13T19:15:00Z", "cwe_ids": [ "CWE-78", "CWE-913" ], "github_reviewed_at": "2022-09-20T18:04:54Z", "severity": "HIGH", "github_reviewed": true }- References
Affected packages
Maven / org.craftercms:crafter-studio
Package
- Name
- org.craftercms:crafter-studio
- View open source insights on deps.dev
- Purl
- pkg:maven/org.craftercms/crafter-studio
Affected versions
3.*
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.4E
3.1.4t
3.1.5
3.1.5E
3.1.6
3.1.6E
3.1.7
3.1.7E
3.1.8
3.1.8E
3.1.9
3.1.9E
3.1.10
3.1.10E
3.1.11
3.1.11E
3.1.12
3.1.12E
3.1.13
3.1.13E
3.1.14
3.1.14E
3.1.15
3.1.15E
3.1.16
3.1.16E
3.1.17
3.1.17E
3.1.17.4
3.1.17.4E
3.1.17.5
3.1.17.5E
3.1.17.6
3.1.17.6E
3.1.17.7
3.1.17.7E
3.1.18
3.1.18E
3.1.19
3.1.19E
3.1.20
3.1.20E
3.1.21
3.1.21E
3.1.22
3.1.22E