3 matches found
CVE-2021-23258
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely RCE...
CVE-2021-23258 Spring SPEL Expression Language Injection
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely RCE...
CVE-2021-23258
The CVE-2021-23258 entry refers to a Crafter CMS expression injection vulnerability where an authenticated Administrator or Developer could abuse an unrestricted SPEL Expression in Spring beans to execute OS commands (RCE). Root cause: SPEL expressions are not secured, enabling remote code execut...