High severityNVD Advisory· Published Nov 27, 2020· Updated Aug 5, 2024
CVE-2017-15685
CVE-2017-15685
Description
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.craftercms:crafter-studioMaven | < 3.0.2 | 3.0.2 |
Affected products
2- Crafter CMS/Crafter Studiodescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-5hr6-vc97-qxxhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-15685ghsaADVISORY
- crafter.comghsax_refsource_MISCWEB
- docs.craftercms.org/en/3.0/security/advisory.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.