Maven package
org.craftercms/craftercms
pkg:maven/org.craftercms/craftercms
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1770 | Med | — | | >= 4.0.0, < 4.5.0 | 4.5.0 | Feb 2, 2026 | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain R |
| CVE-2022-40635 | | — | | >= 3.1.0, < 3.1.23 | 3.1.23 | Sep 13, 2022 | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. |
| CVE-2021-23266 | | — | | >= 3.1.0, < 3.1.18 | 3.1.18 | May 16, 2022 | An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. |
| CVE-2021-23265 | | — | | >= 3.1.0, < 3.1.18 | 3.1.18 | May 16, 2022 | A logged-in and authenticated user with a Reviewer Role may lock a content item. |