VYPR
Critical severityNVD Advisory· Published Dec 2, 2021· Updated Sep 16, 2024

Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search

CVE-2021-23264

Description

Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.craftercms:crafter-searchMaven
>= 3.1.0, < 3.1.153.1.15

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.