Do your applications use this vulnerable package?
29 Nov 2020
14 Jun 2017
How to fix?
org.craftercms:crafter-studio to version 3.0.1 or higher.
Affected versions of this package are vulnerable to XML Injection. An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.