CVE-2021-23263

Summary

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/* (non-binary).

Affected Software

VendorProductVersion RangeStatus
Crafter SoftwareCrafter CMS3.1 < 3.1.15affected

Weaknesses

  • CWE-402: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

ADP Enrichment

CVE Program Container

Additional References

References