org.craftercms:crafter-studio
Maven10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.craftercms:crafter-studiopage 1 of 1
- CVE-2017-15681CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.0.22020-11-27
vulnerable: 3.0.0, 3.0.1
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
- CVE-2017-15684HIGHCVSS 7.5EG 7.5✓ Fixed in 3.0.22020-11-27
vulnerable: 3.0.0, 3.0.1
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.
- CVE-2017-15685HIGHCVSS 8.6EG 8.6✓ Fixed in 3.0.22020-11-27
vulnerable: 3.0.0, 3.0.1
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
- CVE-2017-15686MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.0.22020-11-27
vulnerable: 3.0.0, 3.0.1
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.
- CVE-2018-19907HIGHCVSS 8.8EG 8.82018-12-06
vulnerable: 3.0.0 ... 3.0.9 (19 versions)
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utilit…
- CVE-2020-25802MEDIUMCVSS 4.2EG 4.2✓ Fixed in 3.1.72020-10-06
vulnerable: 3.1.0 ... 3.1.6E (11 versions)
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 version…
- CVE-2020-25803MEDIUMCVSS 4.2EG 4.2✓ Fixed in 3.1.72020-10-06
vulnerable: 3.1.0 ... 3.1.6E (11 versions)
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Craf…
- CVE-2021-23267HIGHCVSS 7.6EG 7.6✓ Fixed in 3.1.182022-05-16
vulnerable: 3.1.0 ... 3.1.9E (41 versions)
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
- CVE-2022-40634MEDIUMCVSS 6.4EG 6.4✓ Fixed in 3.1.232022-09-13
vulnerable: 3.1.0 ... 3.1.9E (51 versions)
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
- CVE-2025-6384CRITICALCVSS 9.1EG 9.1✓ Fixed in 4.3.02025-06-19
vulnerable: 4.0.1 ... 4.2.2 (12 versions)
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may…
Check whether org.craftercms:crafter-studio is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.craftercms:crafter-studio CVEs against the assets you own.
Start Free Scan →