VYPR
High severity8.6NVD Advisory· Published Feb 11, 2021· Updated Jun 17, 2026

CVE-2021-21307

CVE-2021-21307

Description

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lucee/Luceellm-fuzzy2 versions
    <5.3.7.47, <5.3.6.68, <5.3.5.96+ 1 more
    • (no CPE)range: <5.3.7.47, <5.3.6.68, <5.3.5.96
    • (no CPE)range: >= 5.3.5.0, < 5.3.5.96

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.