Description
In Crafter CMS Crafter Studio 3.0.1, an unauthenticated attacker can create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Remediation
References
https://docs.craftercms.org/en/3.0/security/advisory.html
http://crafter.com