CVE-2021-23263

MEDIUM EXPLOITED

FreeMarker - Info Disclosure

Title source: llm

Description

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).

References (1)

[Vendor Advisory] https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120106

Scores

CVSS v3 5.9

EPSS 0.0047

EPSS Percentile 64.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation Intel

VulnCheck KEV 2025-02-27

Classification

CWE

CWE-668 CWE-402

Status published

Affected Products (1)

craftercms/crafter_cms < 3.1.15

Timeline

Published Dec 02, 2021

Tracked Since Feb 18, 2026