CVE-2021-46361

Опубликовано: 11 фев. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.

Ссылки

https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html#_security_advisory
Release Notes
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46361-FreeMarker%20Bypass-Magnolia%20CMS
Exploit
Third Party Advisory
https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html#_security_advisory
Release Notes
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46361-FreeMarker%20Bypass-Magnolia%20CMS
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:magnolia-cms:magnolia_cms:*:*:*:*:*:*:*:*

Версия до 6.2.12 (исключая)

EPSS

Процентиль: 77%

0.01

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-m4hg-5p2m-fm5m