High severity7.2NVD Advisory· Published Jan 28, 2020· Updated Jun 17, 2026
CVE-2020-7799
CVE-2020-7799
Description
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- FusionAuth/FusionAuthdescription
- Range: <1.11.0
Patches
Vulnerability mechanics
References
4- fusionauth.io/docs/v1/tech/release-notesnvdExploitRelease NotesVendor Advisory
- packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.htmlnvdThird Party AdvisoryVDB Entry
- lab.mediaservice.net/advisory/2020-03-fusionauth.txtnvdThird Party Advisory
- seclists.org/bugtraq/2020/Jan/39nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.