VYPR
High severityNVD Advisory· Published Oct 6, 2020· Updated Sep 17, 2024

Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting.

CVE-2020-25802

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.craftercms:crafter-studioMaven
>= 3.0, < 3.0.273.0.27
org.craftercms:crafter-studioMaven
>= 3.1, < 3.1.73.1.7

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.