GHSA-r6fx-55x3-f9x6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r6fx-55x3-f9x6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r6fx-55x3-f9x6/GHSA-r6fx-55x3-f9x6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r6fx-55x3-f9x6
- Aliases
- Published
- 2022-05-17T00:00:34Z
- Modified
- 2024-02-16T08:20:27.554892Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources
- Details
-
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
- Database specific
{ "nvd_published_at": "2022-05-16T17:15:00Z", "cwe_ids": [ "CWE-913" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-06-02T13:44:50Z" }- References
Affected packages
Maven / org.craftercms:crafter-studio
Package
- Name
- org.craftercms:crafter-studio
- View open source insights on deps.dev
- Purl
- pkg:maven/org.craftercms/crafter-studio
Affected versions
3.*
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.4E
3.1.4t
3.1.5
3.1.5E
3.1.6
3.1.6E
3.1.7
3.1.7E
3.1.8
3.1.8E
3.1.9
3.1.9E
3.1.10
3.1.10E
3.1.11
3.1.11E
3.1.12
3.1.12E
3.1.13
3.1.13E
3.1.14
3.1.14E
3.1.15
3.1.15E
3.1.16
3.1.16E
3.1.17
3.1.17E
3.1.17.4
3.1.17.4E
3.1.17.5
3.1.17.5E
3.1.17.6
3.1.17.6E
3.1.17.7
3.1.17.7E