{"id":"CVE-2022-40635","details":"Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.","aliases":["GHSA-j6x3-3jqq-m922"],"modified":"2026-04-10T04:50:47.243493Z","published":"2022-09-13T19:15:13.440Z","references":[{"type":"ADVISORY","url":"https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/craftercms/craftercms","events":[{"introduced":"8b4368c37a3ccdddbd37c1dd915d8352b3c6f1ef"},{"fixed":"0c21190335660cda36b20218682b90a88019f81e"}],"database_specific":{"versions":[{"introduced":"3.1.0"},{"fixed":"3.1.23"}]}}],"versions":["v3.1.0","v3.1.1","v3.1.10","v3.1.11","v3.1.12","v3.1.15","v3.1.16","v3.1.17","v3.1.18","v3.1.19","v3.1.20","v3.1.21","v3.1.4","v3.1.5","v3.1.6","v3.1.7","v3.1.8","v3.1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40635.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}