[BUILD-541] Update to FreeMarker 2.3.31 Created: 21/Sep/21  Updated: 07/Jan/22  Resolved: 22/Sep/21

Status: Closed
Project: Build
Component/s: None
Affects Version/s: BOM 5.7.11, BOM 6.2.11
Fix Version/s: BOM 5.7.12, BOM 6.2.12

Type: Task Priority: Critical
Reporter: Roman Kovařík Assignee: Federico Grilli
Resolution: Done Votes: 1
Labels: artt, maintenance, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PDF File Magnolia.pdf    
Issue Links: Relates
Template:
Acceptance criteria: Empty
Task DoR: Empty
Release notes required: Yes
Date of First Response:
Visible to: Jean-Marc Fazan, Nico Kirch

 Description   

Begin forwarded message:
From: Mal Aware <awaremal@gmail.com>

Subject: FreeMarker Restriction Bypass in Magnolia 6.2.11

Date: 21 September 2021 at 17:50:11 CEST

To: support@magnolia-cms.com

Hello, 
During a security assessment the following vulnerability has been found in Magnolia v6.2.11:

  1. FreeMarker Restriction Bypass: Magnolia uses the Java FreeMarker Template parser in order to display dynamic content in the web application. Although the application implements restrictions against FreeMarker and Java dangerous elements, a bypass was found that circumvents these restrictions and can be leveraged by attackers to obtain Remote Code Execution.

More details and the exploitation process can be found in the attached PDF.
 
Have a nice day,
Mal


DEV NOTES

This vulnerability was fixed in FreeMarker 2.3.30 with https://issues.apache.org/jira/browse/FREEMARKER-124. Magnolia currently uses version 2.3.29 (6.2.x) and 2.3.28 (5.7.x).

