← Back

Fusionauth

fusionauth

Vendor: Fusionauth • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-45921
1Fusionauth
1Fusionauth
Apr 28, 2025
Nov 28, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running th...Show more
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.Show less
CVE-2020-7799
1Fusionauth
1Fusionauth
Nov 21, 2024
Jan 28, 2020
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the under...Show more
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.Show less