Security Advisories

CV-2020080101

Date

2020.08.01

Affected Versions

3.0 < 3.0.27
3.1 < 3.1.7

Vulnerability Type

RCE

Risk

Medium

Description

Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting.

CVE

TBD

CV-2020080102

Date

2020.08.01

Affected Versions

3.0 < 3.0.27
3.1 < 3.1.7

Vulnerability Type

RCE

Risk

Medium

Description

Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects.

CVE

TBD

CV-2018120601

Date

2018.12.06

Affected Versions

3.0 < 3.0.19

Vulnerability Type

RCE

Risk

Medium

Description

Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via FreeMarker templates.

CVE

https://nvd.nist.gov/vuln/detail/CVE-2018-19907