CVE-2020-7931

HIGH

JFrog Artifactory <5.11.8 and 6.8.0-6.8.17 - Remote Code Execution via FreeMarker Template Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-7931. PoCs published by gquere.

AI-analyzed exploit summary: This repository contains a functional Python script and FreeMarker template that exploit CVE-2020-7931, a server-side template injection (SSTI) vulnerability in Artifactory Pro. The exploit allows file system manipulation and remote code execution through template payloads.

Description

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.

Exploits (1)

nomisec · Working PoC · 51 stars
by gquere · poc
https://github.com/gquere/CVE-2020-7931


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Artifactory Pro (versions affected by CVE-2020-7931)
Authentication required: yes
Prerequisites: Valid credentials for Artifactory Pro · Access to upload and deploy templates
Analyzed by devstral-2 on Feb 18, 2026

References (2)

Core References
Release Notes, Vendor Advisory (x_refsource_misc)
https://www.jfrog.com/confluence/display/RTF/Release+Notes

Scores

CVSS v3: 8.8
EPSS: 0.0549
EPSS Percentile: 91.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status: published
Products (2):
jfrog/artifactory < 5.11.8
jfrog/artifactory 6.8.0 - 6.8.17
Published: Jan 23, 2020
Tracked Since: Feb 18, 2026