Lucene search
GoogleOSV:CVE-2021-23259HistoryDec 02, 2021 - 4:15 p.m.
CVE-2021-23259
2021-12-0216:15:07
Google
osv.dev
1
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).
| CPE | Name | Operator | Version |
|---|---|---|---|
| craftercms | eq | 3.1.7 | |
| craftercms | eq | 3.1.11 | |
| craftercms | eq | 3.1.5 | |
| craftercms | eq | 3.1.4 | |
| craftercms | eq | 3.1.10 | |
| craftercms | eq | 3.1.9 | |
| craftercms | eq | 3.1.0 | |
| craftercms | eq | 3.1.6 | |
| craftercms | eq | 3.1.8 | |
| craftercms | eq | 3.1.1 |
Related
cvelist
cvelist
CVE-2021-23259 Groovy Sandbox Bypass
2021-12-01 00:00:00
cve
cve
CVE-2021-23259
2021-12-02 16:15:07
prion
prion
Design/Logic Flaw
2021-12-02 16:15:00
nvd
nvd
CVE-2021-23259
2021-12-02 16:15:07
cnvd
cnvd
Crafter CMS Access Control Error Vulnerability
2021-12-04 00:00:00