Fusionauth · Fusionauth · CVE-2020-7799
**Name of the Vulnerable Software and Affected Versions**
FusionAuth versions prior to 1.11.0
**Description**
An issue was discovered in FusionAuth where an authenticated user, allowed to edit e-mail templates or themes, can execute commands on the underlying operating system by abusing `freemarker.template.utility.Execute` in the Apache FreeMarker engine that processes custom templates.
**Recommendations**
For versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue. As a temporary workaround, consider restricting access to edit e-mail templates and themes to minimize the risk of exploitation.