An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-28T12:46:52
Updated: 2024-08-04T09:41:01.865Z
Reserved: 2020-01-22T00:00:00
Link: CVE-2020-7799
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-01-28T13:15:12.560
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-7799
Redhat
No data.