VYPR

Maven package

org.craftercms/craftercms

pkg:maven/org.craftercms/craftercms

Vulnerabilities (4)

  • CVE-2026-1770MedFeb 2, 2026
    affected >= 4.0.0, < 4.5.0fixed 4.5.0

    Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain R

  • CVE-2022-40635Sep 13, 2022
    affected >= 3.1.0, < 3.1.23fixed 3.1.23

    Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

  • CVE-2021-23266May 16, 2022
    affected >= 3.1.0, < 3.1.18fixed 3.1.18

    An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.

  • CVE-2021-23265May 16, 2022
    affected >= 3.1.0, < 3.1.18fixed 3.1.18

    A logged-in and authenticated user with a Reviewer Role may lock a content item.