CVE-2022-40634

Improper Control of Dynamically-Managed Code Resources in maven/org.craftercms/crafter-studio

Identifiers

GHSA-2jv3-v37p-65w3, CVE-2022-40634

Package Slug

maven/org.craftercms/crafter-studio

Vulnerability

Improper Control of Dynamically-Managed Code Resources

Description

An Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker server-side template injection (SSTI).

Affected Versions

All versions starting from 3.1.0 and before 3.1.23

Solution

Upgrade to version 3.1.23 or above.

Last Modified

2023-09-12
