Design/Logic Flaw

2020-10-0614:15:00

PRIOn knowledge base

www.prio-n.com

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.

References

docs.craftercms.org/en/3.1/security/advisory.html