Crayfish allows Remote Code Execution via Homarus Authorization header
What kind of vulnerability is it? Who is impacted? Remote code execution may be possible in web-accessible installations of Homarus in certain configurations.
Advisories for Composer/Islandora/Crayfish package
2025