Description
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.
Core References
Exploit, Third Party Advisory: https://github.com/atredispartners/advisories/blob/master/ATREDIS-2019-0006.md
Release Notes, Vendor Advisory: https://www.jfrog.com/confluence/display/RTF/Release+Notes
Scores
CVSS v3: 8.8
EPSS: 0.3243
EPSS Percentile: 96.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status: published
Products (2)
jfrog/artifactory < 5.11.8
jfrog/artifactory 6.8.0 - 6.8.17
Published: Jan 23, 2020
Tracked Since: Feb 18, 2026