Description
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
Remediation
References
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601
Related Vulnerabilities
CVE-2023-48219 Vulnerability in maven package org.webjars:tinymce
CVE-2020-6452 Vulnerability in npm package electron
CVE-2023-32992 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2023-46658 Vulnerability in maven package io.jenkins.plugins:teams-webhook-trigger
CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-services