[ https://issues.apache.org/jira/browse/FREEMARKER-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511981#comment-17511981 ]
Dániel Dékány commented on FREEMARKER-205:
------------------------------------------
Veracode has updated its database based on my feedback, so now 2.3.31 is not
listed as vulnerable anymore:
https://sca.analysiscenter.veracode.com/vulnerability-database/security/arbitrary-code-execution/java/sid-34269
Note that 2.3.30 is also not vulnerable to this attack. Hopefully they will add
that too.
> Vulnerable to Arbitrary Code Execution
> --------------------------------------
>
> Key: FREEMARKER-205
> URL: https://issues.apache.org/jira/browse/FREEMARKER-205
> Project: Apache Freemarker
> Issue Type: Bug
> Components: engine
> Affects Versions: 2.3.31
> Reporter: Rupesh Pal
> Priority: Critical
>
> org.freemarker:freemarker is vulnerable to arbitrary code execution. Remote
> attackers are able to inject and execute malicious scripts on the host
> machine via crafted payloads to bypass security restrictions.