GHSA-2jv3-v37p-65w3

Suggest an improvement
Source
https://github.com/advisories/GHSA-2jv3-v37p-65w3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-2jv3-v37p-65w3/GHSA-2jv3-v37p-65w3.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-2jv3-v37p-65w3
Aliases
Published
2022-09-14T00:00:45Z
Modified
2023-11-01T04:59:55.161168Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
Details

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

Database specific
{
    "nvd_published_at": "2022-09-13T19:15:00Z",
    "cwe_ids": [
        "CWE-78",
        "CWE-913"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-20T18:04:54Z"
}
References

Affected packages

Maven / org.craftercms:crafter-studio

Package

Name
org.craftercms:crafter-studio
View open source insights on deps.dev
Purl
pkg:maven/org.craftercms/crafter-studio

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.23

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.4E
3.1.4t
3.1.5
3.1.5E
3.1.6
3.1.6E
3.1.7
3.1.7E
3.1.8
3.1.8E
3.1.9
3.1.9E
3.1.10
3.1.10E
3.1.11
3.1.11E
3.1.12
3.1.12E
3.1.13
3.1.13E
3.1.14
3.1.14E
3.1.15
3.1.15E
3.1.16
3.1.16E
3.1.17
3.1.17E
3.1.17.4
3.1.17.4E
3.1.17.5
3.1.17.5E
3.1.17.6
3.1.17.6E
3.1.17.7
3.1.17.7E
3.1.18
3.1.18E
3.1.19
3.1.19E
3.1.20
3.1.20E
3.1.21
3.1.21E
3.1.22
3.1.22E