Description
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
Remediation
References
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080101
Related Vulnerabilities
CVE-2022-34777 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-plugin
CVE-2022-36093 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-21141 Vulnerability in maven package org.webjars.npm:electron
CVE-2018-6874 Vulnerability in maven package org.webjars.bower:auth0-lock
CVE-2023-49446 Vulnerability in maven package com.jfinal:jfinal