Information Exposure Affecting org.craftercms:crafter-search package, versions [,3.1.15)
Snyk CVSS
Attack Complexity
Low
Integrity
High
Threat Intelligence
EPSS
0.28% (69th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGCRAFTERCMS-2321382
- published 17 Dec 2021
- disclosed 16 Dec 2021
- credit Unknown
How to fix?
Upgrade org.craftercms:crafter-search
to version 3.1.15 or higher.
Overview
org.craftercms:crafter-search is a search facade for Crafter CMS. Crafter Search proxies the real search engine deployed behind it.
Affected versions of this package are vulnerable to Information Exposure. Installations of craftercms
, where crafter-search
is not protected, allows unauthenticated remote attackers to create, view, and delete search indexes.