Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45921 | 1 Fusionauth | 1 Fusionauth | 2024-11-21 | N/A | 7.5 HIGH |
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. | |||||
CVE-2020-7799 | 1 Fusionauth | 1 Fusionauth | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. |