FusionAuth Remote Code Execution Vulnerability (CVE-2020-7799) Threat Alert

February 14, 2020

  1. Vulnerability Description

On January 28, 2019, Beijing time, NVD released a remote command execution vulnerability (CVE-2020-7799) in the Apache FreeMarker template in FusionAuth. An authenticated user who can edit email templates (Home > Settings > Email Templates) or themes (Home > Settings > Themes) in FusionAuth can execute arbitrary commands in the underlying operating system by using freemarker.template.utility.Execute in the Apache FreeMarker engine of custom templates.
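As an added example (not NSFOCUS's or FusionAuth's code), a defender can audit stored email templates and themes for references to the class named above. The `templates` layout and the sample bodies are constructed for illustration, and matching the whole `freemarker.template.utility` package rather than only `Execute` is a generalization made by this example.

```python
import re

# Class named in the advisory; a stored template has no ordinary reason to mention it.
ADVISORY_CLASS = "freemarker.template.utility.Execute"
# Assumption of this example: also surface any other class in the same package.
UTILITY_REF = re.compile(r"freemarker\.template\.utility\.([A-Za-z_]\w*)")


def scan_templates(templates):
    """Report every line referencing a freemarker.template.utility class.
    `templates`: name -> {field: body}, a hypothetical export layout."""
    findings = []
    for name, fields in sorted(templates.items()):
        for field, body in sorted(fields.items()):
            for lineno, line in enumerate(body.splitlines(), start=1):
                for match in UTILITY_REF.finditer(line):
                    findings.append({
                        "template": name,
                        "field": field,
                        "line": lineno,
                        "class": match.group(0),
                        "severity": "high" if match.group(0) == ADVISORY_CLASS else "review",
                        "excerpt": line.strip()[:120],
                    })
    return findings


# Constructed sample data: two email templates and one theme.
SAMPLE_TEMPLATES = {
    "email/welcome": {
        "subject": "Welcome, ${user.firstName}",
        "html": "<p>Hello ${user.firstName},</p>\n<p>Your account is ready.</p>",
    },
    "email/reset-password": {
        "subject": "Reset your password",
        "html": "<p>Hi ${user.email}</p>\n"
                '<#assign cls = "freemarker.template.utility.Execute">\n'
                "<p>Click the link below.</p>",
    },
    "theme/custom": {  # "SomethingElse" is a made-up class name
        "helpers": '[#assign other = "freemarker.template.utility.SomethingElse"]',
    },
}

if __name__ == "__main__":
    for f in scan_templates(SAMPLE_TEMPLATES):
        print(f"{f['severity']:6} {f['template']}:{f['field']}:{f['line']} {f['class']}")
```

A "high" finding means the exact class from the advisory appears in a template body; "review" findings reference a sibling class and need a human look.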

