Uploaded image for project: 'Build'
  1. Build
  2. BUILD-541

Update to FreeMarker 2.3.31

XMLWordPrintable

    • Yes

      Begin forwarded message:
      From: Mal Aware <awaremal@gmail.com>

      Subject: FreeMarker Restriction Bypass in Magnolia 6.2.11

      Date: 21 September 2021 at 17:50:11 CEST

      To: support@magnolia-cms.com

      Hello, 
      During a security assessment the following vulnerability has been found in Magnolia v6.2.11:

      1. FreeMarker Restriction Bypass: Magnolia uses the Java FreeMarker Template parser in order to display dynamic content in the web application. Although the application implements restrictions against FreeMarker and Java dangerous elements, a bypass was found that circumvents these restrictions and can be leveraged by attackers to obtain Remote Code Execution.

      More details and the exploitation process can be found in the attached PDF.
       
      Have a nice day,
      Mal


      DEV NOTES

      This vulnerability has been fixed in FreeMarker 2.3.30 with https://issues.apache.org/jira/browse/FREEMARKER-124 - Magnolia currently uses version 2.3.29 (6.2.x) and 2.3.28 (5.7.x)

        Acceptance criteria

          1. Magnolia.pdf
            2.52 MB

              fgrilli Federico Grilli
              rkovarik Roman Kovařík
              Jean-Marc Fazan, Nico Kirch
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Task DoR