CVE-2022-40634

Improper Control of Dynamically-Managed Code Resources in maven/org.craftercms/craftercms

Identifiers

GHSA-2jv3-v37p-65w3, CVE-2022-40634

Package Slug

maven/org.craftercms/craftercms

Vulnerability

Improper Control of Dynamically-Managed Code Resources

Description

An Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker server-side template injection (SSTI).

Affected Versions

All versions from 3.1.0 up to, but not including, 3.1.23

Solution

Upgrade to version 3.1.23 or above.

Last Modified

2022-09-22
