Information Exposure Affecting org.craftercms:crafter-search package, versions [,3.1.15)


0.0
high
  • Attack Complexity

    Low

  • Integrity

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGCRAFTERCMS-2321382

  • published

    17 Dec 2021

  • disclosed

    16 Dec 2021

  • credit

    Unknown

How to fix?

Upgrade org.craftercms:crafter-search to version 3.1.15 or higher.

Overview

org.craftercms:crafter-search is a search facade for Crafter CMS. Crafter Search proxies the real search engine deployed behind it.

Affected versions of this package are vulnerable to Information Exposure. Installations of craftercms, where crafter-search is not protected, allows unauthenticated remote attackers to create, view, and delete search indexes.