How severe is CVE-2021-23259?

CVE-2021-23259 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2021-23259

Name: crafter_cms
Author: craftercms

4.2MEDIUM

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, whi

게시됨: 12/2/2021업데이트됨: 11/21/2024

설명

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

AI 분석AI 기반

영향받는 제품

craftercmscrafter_cms

참조

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory