CVE-2021-46361: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

February 12, 2022 (updated February 15, 2022)

An issue in the Freemark Filter of Magnolia CMS allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.

References

docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html
github.com/advisories/GHSA-m4hg-5p2m-fm5m
nvd.nist.gov/vuln/detail/CVE-2021-46361

Code Behaviors & Features

Detect and mitigate CVE-2021-46361 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →