The key evidence is the removal of the `removeItem` method in `CacheRestController.java`, which previously provided a `/remove` endpoint accessible via GET. The vulnerability description explicitly calls out unauthenticated administrative data modification, which aligns with this cache manipulation endpoint being exposed without authorization checks. No other patched code shows security controls being added to existing methods; the vulnerability was eliminated by removing the insecure endpoint entirely.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.craftercms:crafter-core | maven | >= 3.0.0, < 3.0.1 | 3.0.1 |