info.magnolia:magnolia-core

Maven5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting info.magnolia:magnolia-corepage 1 of 1

CVE-2021-46361CRITICALCVSS 9.8EG 9.8✓ Fixed in 6.2.12
2022-02-11
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
CVE-2021-46363HIGHCVSS 7.8EG 7.8✓ Fixed in 6.2.4
2022-02-11
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exp…
CVE-2021-46364HIGHCVSS 7.8EG 7.8✓ Fixed in 6.2.4
2022-02-11
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
CVE-2021-46365HIGHCVSS 7.8EG 7.8✓ Fixed in 6.2.4
2022-02-11
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
CVE-2021-46366HIGHCVSS 8.8EG 8.8✓ Fixed in 6.2.4
2022-02-11
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.

Check whether info.magnolia:magnolia-core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for info.magnolia:magnolia-core CVEs against the assets you own.

Start Free Scan →