CVE-2020-7799

Name of the Vulnerable Software and Affected Versions FusionAuth versions prior to 1.11.0

Description An issue was discovered in FusionAuth where an authenticated user, allowed to edit e-mail templates or themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.

Recommendations For versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue. As a temporary workaround, consider restricting access to edit e-mail templates and themes to minimize the risk of exploitation.