CVE-2020-7931

Published: Jan 23, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2019-0006.md

x_refsource_MISC

https://www.jfrog.com/confluence/display/RTF/Release+Notes

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-7931

Description

Affected Products

References