Improper Control of Dynamically-Managed Code Resources
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
Advisories for Maven/Org.craftercms/Craftercms package
2022
Improper Control of Dynamically-Managed Code Resources
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
Improper Privilege Management
A logged-in and authenticated user with a Reviewer Role may lock a content item.
Improper Encoding or Escaping of Output
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
False Positive
This advisory has been moved to affect org.craftercms:crafter-studio