Description
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.
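The root cause named above is a FreeMarker configuration matter, so the following added example (not JFrog's code or its patch) shows a generic way to narrow what a template can reach through the object wrapper. It assumes FreeMarker 2.3.28 or later on the classpath; the class `HardenedFreeMarker` and the bean `User` are hypothetical names constructed for the illustration.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.ext.beans.BeansWrapper;
import freemarker.template.*;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Collections;

public class HardenedFreeMarker {
    // Hypothetical data-model bean, constructed for this example.
    public static class User {
        public String getName() { return "alice"; }
    }

    static Configuration hardened() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_28);
        DefaultObjectWrapperBuilder b =
                new DefaultObjectWrapperBuilder(Configuration.VERSION_2_3_28);
        // Expose JavaBean properties only; Java methods are not callable from templates.
        b.setExposureLevel(BeansWrapper.EXPOSE_PROPERTIES_ONLY);
        cfg.setObjectWrapper(b.build());
        // Refuse to instantiate any class through the ?new built-in.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        // Keep the ?api built-in off (the default), so wrapped objects' Java API stays hidden.
        cfg.setAPIBuiltinEnabled(false);
        // Fail the render on any template error instead of writing debug output.
        cfg.setTemplateExceptionHandler(TemplateExceptionHandler.RETHROW_HANDLER);
        cfg.setLogTemplateExceptions(false);
        return cfg;
    }

    static String render(Configuration cfg, String source) throws Exception {
        Template t = new Template("inline", new StringReader(source), cfg);
        StringWriter out = new StringWriter();
        t.process(Collections.singletonMap("user", new User()), out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        Configuration cfg = hardened();
        // Property access still works for ordinary templates.
        System.out.println(render(cfg, "Hello ${user.name}"));
        try {
            // A direct Java method call from the template is no longer resolvable.
            render(cfg, "Hello ${user.getName()}");
            System.out.println("method call was allowed");
        } catch (TemplateException e) {
            System.out.println("method call rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Property getters remain reachable at this exposure level, so the data model handed to untrusted templates should still contain only objects that are safe to read.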
Remediation
References