Critical severity · NVD Advisory · Published Dec 2, 2021 · Updated Sep 16, 2024
Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search
CVE-2021-23264
Description
Installations where crafter-search is not protected allow unauthenticated remote attackers to create, view, and delete search indexes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.craftercms:crafter-search (Maven) | >= 3.1.0, < 3.1.15 | 3.1.15 |
Affected products
- Range: 3.1
References
- github.com/advisories/GHSA-2wr2-8qjq-gh55 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-23264 (advisory)
- docs.craftercms.org/en/3.1/security/advisory.html (misc, web)
- github.com/craftercms/craftercms/commit/0e256ef0372c7be9d6e2fefc4652dd4fd94770a1 (web)