org.craftercms:craftercms
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.craftercms:craftercms
- CVE-2021-23265 | LOW | CVSS 3.5 | EG 3.5 | ✓ Fixed in 3.1.18 | 2022-05-16
A logged-in and authenticated user with a Reviewer Role may lock a content item.
- CVE-2021-23266 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 3.1.18 | 2022-05-16
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
- CVE-2022-40635 | MEDIUM | CVSS 6.4 | EG 6.4 | ✓ Fixed in 3.1.23 | 2022-09-13
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
- CVE-2026-1770 | MEDIUM | CVSS 4.5 | EG 0.0 | ✓ Fixed in 4.5.0 | 2026-02-02
vulnerable: 4.0.0 ... 4.3.2 (20 versions)
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may…