VYPR
High severity · NVD Advisory · Published Oct 6, 2020 · Updated Sep 17, 2024

Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting.

CVE-2020-25802

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.craftercms:crafter-studio (Maven) | >= 3.0, < 3.0.27 | 3.0.27 |
| org.craftercms:crafter-studio (Maven) | >= 3.1, < 3.1.7 | 3.1.7 |
