CWE-913
Improper Control of Dynamically-Managed Code Resources
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
CVE-2021-23262 (GCVE-0-2021-23262)
Vulnerability from cvelistv5 – Published: 2021-12-02 15:40 – Updated: 2024-09-16 21:57
VLAI
Title
Snakeyaml deserialization vulnerability bypass
Summary
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.
Severity
4.2 (Medium)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.craftercms.org/en/3.1/security/advis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crafter Software | Crafter CMS |
Affected:
3.1 , < 3.1.13
(custom)
|
Date Public
2021-12-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crafter CMS",
"vendor": "Crafter Software",
"versions": [
{
"lessThan": "3.1.13",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kai Zhao (ToTU Security Team)"
}
],
"datePublic": "2021-12-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-02T15:40:57.000Z",
"orgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
"shortName": "crafter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120105"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Snakeyaml deserialization vulnerability bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@craftersoftware.com",
"DATE_PUBLIC": "2021-12-01T15:40:00.000Z",
"ID": "CVE-2021-23262",
"STATE": "PUBLIC",
"TITLE": "Snakeyaml deserialization vulnerability bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crafter CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.13"
}
]
}
}
]
},
"vendor_name": "Crafter Software"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kai Zhao (ToTU Security Team)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120105",
"refsource": "MISC",
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120105"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
"assignerShortName": "crafter",
"cveId": "CVE-2021-23262",
"datePublished": "2021-12-02T15:40:57.695Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:57:11.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23267 (GCVE-0-2021-23267)
Vulnerability from cvelistv5 – Published: 2022-05-16 17:05 – Updated: 2024-09-16 23:20
VLAI
Title
Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Summary
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
Severity
7.6 (High)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.craftercms.org/en/3.1/security/advis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crafter Software | Crafter CMS |
Affected:
3.1 , ≤ 3.1.17
(custom)
|
Date Public
2022-05-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crafter CMS",
"vendor": "Crafter Software",
"versions": [
{
"lessThanOrEqual": "3.1.17",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kai Zhao (ToTU Security Team)"
}
],
"datePublic": "2022-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:05:25.000Z",
"orgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
"shortName": "crafter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051603"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Control of Dynamically-Managed Code Resources in Crafter Studio",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@craftersoftware.com",
"DATE_PUBLIC": "2022-05-16T14:58:00.000Z",
"ID": "CVE-2021-23267",
"STATE": "PUBLIC",
"TITLE": "Improper Control of Dynamically-Managed Code Resources in Crafter Studio"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crafter CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.1",
"version_value": "3.1.17"
}
]
}
}
]
},
"vendor_name": "Crafter Software"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kai Zhao (ToTU Security Team)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051603",
"refsource": "MISC",
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051603"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
"assignerShortName": "crafter",
"cveId": "CVE-2021-23267",
"datePublished": "2022-05-16T17:05:25.974Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:20:45.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32813 (GCVE-0-2021-32813)
Vulnerability from cvelistv5 – Published: 2021-08-03 22:50 – Updated: 2024-08-03 23:33
VLAI
Title
Drop Headers via Malicious Connection Header
Summary
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading.
Severity
4.8 (Medium)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advis… | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/pull/8319/comm… | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v2.4.13 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.4.13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "traefik",
"vendor": "traefik",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.13"
},
{
"status": "affected",
"version": "\u003c= 1.7.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik\u0027s handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-03T22:50:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.4.13"
}
],
"source": {
"advisory": "GHSA-m697-4v8f-55qg",
"discovery": "UNKNOWN"
},
"title": "Drop Headers via Malicious Connection Header",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32813",
"STATE": "PUBLIC",
"TITLE": "Drop Headers via Malicious Connection Header"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "traefik",
"version": {
"version_data": [
{
"version_value": "\u003c 2.4.13"
},
{
"version_value": "\u003c= 1.7.30"
}
]
}
}
]
},
"vendor_name": "traefik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik\u0027s handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913: Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg",
"refsource": "CONFIRM",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg"
},
{
"name": "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9",
"refsource": "MISC",
"url": "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.4.13",
"refsource": "MISC",
"url": "https://github.com/traefik/traefik/releases/tag/v2.4.13"
}
]
},
"source": {
"advisory": "GHSA-m697-4v8f-55qg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32813",
"datePublished": "2021-08-03T22:50:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:55.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42809 (GCVE-0-2021-42809)
Vulnerability from cvelistv5 – Published: 2021-12-20 20:19 – Updated: 2024-08-04 03:38
VLAI
Title
The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library
Summary
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
Severity
6.5 (Medium)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cpl.thalesgroup.com/fr/software-monetizat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Thales | Sentinel Protection Installer |
Affected:
7.7.0 , ≤ 7.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Sentinel Protection Installer",
"vendor": "Thales",
"versions": [
{
"lessThanOrEqual": "7.7.0",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Intel Corp"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T20:19:09.000Z",
"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"shortName": "THA-PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@thalesgroup.com",
"ID": "CVE-2021-42809",
"STATE": "PUBLIC",
"TITLE": "The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sentinel Protection Installer",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "7.7.0",
"version_value": "7.7.0"
}
]
}
}
]
},
"vendor_name": "Thales"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Intel Corp"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates",
"refsource": "MISC",
"url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"assignerShortName": "THA-PSIRT",
"cveId": "CVE-2021-42809",
"datePublished": "2021-12-20T20:19:09.000Z",
"dateReserved": "2021-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31764 (GCVE-0-2022-31764)
Vulnerability from cvelistv5 – Published: 2025-02-06 14:23 – Updated: 2025-02-06 16:25
VLAI
Title
Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
Summary
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2.
The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.
Severity
8.5 (High)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/pg0k223m4hsnnzg4n… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache ShardingSphere ElasticJob-UI |
Affected:
3.0.0 , ≤ 3.0.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:25:39.373808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:25:45.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache ShardingSphere ElasticJob-UI",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2.\nThe premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:23:03.166Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/pg0k223m4hsnnzg4nh7lxvdxxgbkrlqb"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC",
"x_generator": {
"engine": "vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-31764",
"STATE": "PUBLIC",
"TITLE": "Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ShardingSphere ElasticJob-UI",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache ShardingSphere ElasticJob-UI 3.x",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2.\nThe premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack."
}
]
},
"generator": {
"engine": "vulnogram 0.2.0"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": []
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-31764",
"datePublished": "2025-02-06T14:23:03.166Z",
"dateReserved": "2022-05-27T08:27:18.571Z",
"dateUpdated": "2025-02-06T16:25:45.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3225 (GCVE-0-2022-3225)
Vulnerability from cvelistv5 – Published: 2022-09-16 16:20 – Updated: 2024-08-03 01:00
VLAI
Title
Improper Control of Dynamically-Managed Code Resources in budibase/budibase
Summary
Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.
Severity
8.8 (High)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a13a56b7-04da-4560-b8e… | x_refsource_CONFIRM |
| https://github.com/budibase/budibase/commit/d3586… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| budibase | budibase/budibase |
Affected:
unspecified , < 1.3.20
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "budibase/budibase",
"vendor": "budibase",
"versions": [
{
"lessThan": "1.3.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.\u003c/p\u003e"
}
],
"value": "Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:55:53.461Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df"
}
],
"source": {
"advisory": "a13a56b7-04da-4560-b8ec-0d637d12a245",
"discovery": "EXTERNAL"
},
"title": "Improper Control of Dynamically-Managed Code Resources in budibase/budibase",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3225",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in budibase/budibase"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "budibase/budibase",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3.20"
}
]
}
}
]
},
"vendor_name": "budibase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245"
},
{
"name": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df",
"refsource": "MISC",
"url": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df"
}
]
},
"source": {
"advisory": "a13a56b7-04da-4560-b8ec-0d637d12a245",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3225",
"datePublished": "2022-09-16T16:20:11.000Z",
"dateReserved": "2022-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36067 (GCVE-0-2022-36067)
Vulnerability from cvelistv5 – Published: 2022-09-06 00:00 – Updated: 2025-04-22 17:24
VLAI
Title
vm2 vulnerable to Sandbox Escape before v3.9.11
Summary
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.
Severity
10 (Critical)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| patriksimek | vm2 |
Affected:
< 3.9.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:51:59.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/patriksimek/vm2/issues/467"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221017-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36067",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:37:00.549158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:24:29.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vm2",
"vendor": "patriksimek",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vm2 is a sandbox that can run untrusted code with whitelisted Node\u0027s built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq"
},
{
"url": "https://github.com/patriksimek/vm2/issues/467"
},
{
"url": "https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164"
},
{
"url": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71"
},
{
"url": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221017-0002/"
}
],
"source": {
"advisory": "GHSA-mrgp-mrhc-5jrq",
"discovery": "UNKNOWN"
},
"title": "vm2 vulnerable to Sandbox Escape before v3.9.11"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36067",
"datePublished": "2022-09-06T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:24:29.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39051 (GCVE-0-2022-39051)
Vulnerability from cvelistv5 – Published: 2022-09-05 06:40 – Updated: 2024-09-16 17:18
VLAI
Title
Perl Code execution in Template Toolkit
Summary
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
Severity
6.8 (Medium)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advi… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OTRS AG | OTRS |
Affected:
7.0.x 7.0.36
Affected: 8.0.x 8.0.24 |
|
| OTRS AG | ((OTRS)) Community Edition |
Affected:
6.0.1 , < 6.0.x*
(custom)
|
Date Public
2022-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTRS",
"vendor": "OTRS AG",
"versions": [
{
"status": "affected",
"version": "7.0.x 7.0.36"
},
{
"status": "affected",
"version": "8.0.x 8.0.24"
}
]
},
{
"product": "((OTRS)) Community Edition",
"vendor": "OTRS AG",
"versions": [
{
"lessThan": "6.0.x*",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T06:40:12.000Z",
"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"shortName": "OTRS"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to OTRS 8.0.25 or OTRS 7.0.37."
}
],
"source": {
"advisory": "OSA-2022-12",
"defect": [
"2022042942000784"
],
"discovery": "USER"
},
"title": "Perl Code execution in Template Toolkit",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@otrs.com",
"DATE_PUBLIC": "2022-09-05T07:00:00.000Z",
"ID": "CVE-2022-39051",
"STATE": "PUBLIC",
"TITLE": "Perl Code execution in Template Toolkit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_name": "7.0.x",
"version_value": "7.0.36"
},
{
"version_name": "8.0.x",
"version_value": "8.0.24"
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "6.0.x",
"version_value": "6.0.1"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/",
"refsource": "CONFIRM",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-12/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to OTRS 8.0.25 or OTRS 7.0.37."
}
],
"source": {
"advisory": "OSA-2022-12",
"defect": [
"2022042942000784"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
"assignerShortName": "OTRS",
"cveId": "CVE-2022-39051",
"datePublished": "2022-09-05T06:40:12.771Z",
"dateReserved": "2022-08-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:18:42.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40634 (GCVE-0-2022-40634)
Vulnerability from cvelistv5 – Published: 2022-09-13 18:25 – Updated: 2024-09-16 23:36
VLAI
Title
Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Summary
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
Severity
6.4 (Medium)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.craftercms.org/en/3.1/security/advis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crafter Software | Crafter CMS |
Affected:
3.1 , ≤ 3.1.22
(custom)
|
Date Public
2022-09-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crafter CMS",
"vendor": "Crafter Software",
"versions": [
{
"lessThanOrEqual": "3.1.22",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matei \"Mal\" Badanoiu"
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T18:25:09.000Z",
"orgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
"shortName": "crafter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Control of Dynamically-Managed Code Resources in Crafter Studio",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@craftersoftware.com",
"DATE_PUBLIC": "2022-09-13T15:42:00.000Z",
"ID": "CVE-2022-40634",
"STATE": "PUBLIC",
"TITLE": "Improper Control of Dynamically-Managed Code Resources in Crafter Studio"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crafter CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.1",
"version_value": "3.1.22"
}
]
}
}
]
},
"vendor_name": "Crafter Software"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matei \"Mal\" Badanoiu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601",
"refsource": "MISC",
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
"assignerShortName": "crafter",
"cveId": "CVE-2022-40634",
"datePublished": "2022-09-13T18:25:09.814Z",
"dateReserved": "2022-09-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:30.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40635 (GCVE-0-2022-40635)
Vulnerability from cvelistv5 – Published: 2022-09-13 18:25 – Updated: 2024-09-16 16:13
VLAI
Title
Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Summary
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
Severity
6.4 (Medium)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.craftercms.org/en/3.1/security/advis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Crafter Software | Crafter CMS |
Affected:
3.1 , ≤ 3.1.22
(custom)
|
Date Public
2022-09-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crafter CMS",
"vendor": "Crafter Software",
"versions": [
{
"lessThanOrEqual": "3.1.22",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matei \"Mal\" Badanoiu"
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T18:25:10.000Z",
"orgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
"shortName": "crafter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Control of Dynamically-Managed Code Resources in Crafter Studio",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@craftersoftware.com",
"DATE_PUBLIC": "2022-09-13T15:42:00.000Z",
"ID": "CVE-2022-40635",
"STATE": "PUBLIC",
"TITLE": "Improper Control of Dynamically-Managed Code Resources in Crafter Studio"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crafter CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.1",
"version_value": "3.1.22"
}
]
}
}
]
},
"vendor_name": "Crafter Software"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matei \"Mal\" Badanoiu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602",
"refsource": "MISC",
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
"assignerShortName": "crafter",
"cveId": "CVE-2022-40635",
"datePublished": "2022-09-13T18:25:10.622Z",
"dateReserved": "2022-09-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:57.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Strategy: Input Validation
Description:
- For any externally-influenced input, check the input against an allowlist of acceptable values.
Mitigation
Phases: Implementation, Architecture and Design
Strategy: Refactoring
Description:
- Refactor the code so that it does not need to be dynamically managed.
No CAPEC attack patterns related to this CWE.