How severe is CVE-2021-23259?

CVE-2021-23259 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2021-23259

Name: crafter_cms
Author: craftercms

4.2MEDIUM

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, whi

发布于: 12/2/2021更新于: 11/21/2024

描述

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

AI分析AI驱动

受影响产品

craftercmscrafter_cms

参考资料

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102
Vendor Advisory