Org.craftercms:crafter-studio

This hub aggregates every CVE we track for Org.craftercms:crafter-studio, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 10 most recently published vulnerabilities affecting Org.craftercms:crafter-studio.

• CVE-2025-6384Improper Control of Dynamically-Managed Code Resources in Crafter Studio9.1Jun 19, 2025
• CVE-2022-40634Improper Control of Dynamically-Managed Code Resources in Crafter Studio6.4Sep 13, 2022
• CVE-2021-23267Improper Control of Dynamically-Managed Code Resources in Crafter Studio7.6May 16, 2022
• CVE-2017-15681In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.9.8Nov 27, 2020
• CVE-2017-15684Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.7.5Nov 27, 2020
• CVE-2017-15685Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out...8.6Nov 27, 2020
• CVE-2017-15686Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.6.1Nov 27, 2020
• CVE-2020-25803Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects.4.2Oct 6, 2020
• CVE-2020-25802Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting.4.2Oct 6, 2020
• CVE-2018-19907A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that tri...8.8Dec 6, 2018