PT-2020-19854 · Jfrog · Jfrog Artifactory

Ryan Hanson · Published 2020-01-23 · Updated 2024-03-06 · CVE-2020-7931

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions 5.x through 6.x
Description: The issue is caused by insecure FreeMarker template processing and can lead to remote code execution, for example by modifying a .ssh/authorized_keys file. The problem arises because the use of the DefaultObjectWrapper class exposes certain Java functions to templates.
Recommendations: For versions between 5.11.8 and 6.16.0, apply the available patches to resolve the issue. At the moment there is no information about additional mitigation measures for other versions.
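As an added illustration that is not part of this advisory and not JFrog's code or patch: the generic FreeMarker hardening in Java that removes the template-side access to Java classes the description refers to. The class and method names are FreeMarker's public API; the Configuration wiring and the sample template are assumptions about how an engine might be set up, not Artifactory's actual implementation.

```java
import freemarker.template.Configuration;
import freemarker.template.DefaultObjectWrapperBuilder;
import freemarker.template.SimpleObjectWrapper;
import freemarker.template.Template;
import freemarker.template.TemplateClassResolver;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;

// Added example, not Artifactory code: a DefaultObjectWrapper setup next to one
// that keeps templates away from arbitrary Java classes (assumed wiring).
public class FreeMarkerHardening {
    // Risky shape: DefaultObjectWrapper plus FreeMarker's default class resolver
    // (UNRESTRICTED_RESOLVER), so ?new in a template can load any class.
    static Configuration weakConfiguration() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_30);
        cfg.setObjectWrapper(new DefaultObjectWrapperBuilder(Configuration.VERSION_2_3_30).build());
        return cfg;
    }

    // Hardened shape: only basic types are wrapped, ?new is disabled, ?api is off.
    static Configuration hardenedConfiguration() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_30);
        cfg.setObjectWrapper(new SimpleObjectWrapper(Configuration.VERSION_2_3_30));
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        cfg.setAPIBuiltinEnabled(false);
        return cfg;
    }

    static String render(Configuration cfg, String src, Map<String, Object> model) throws Exception {
        Template t = new Template("inline", new StringReader(src), cfg);
        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> model = Map.of("user", "alice");  // constructed sample model
        // Ordinary interpolation still works under the hardened configuration.
        System.out.println(render(hardenedConfiguration(), "Hello ${user}", model));
        // A template that loads a Java class with ?new is rejected by the class
        // resolver before any constructor runs; weakConfiguration() would allow it.
        try {
            render(hardenedConfiguration(), "${\"freemarker.template.SimpleScalar\"?new(\"x\")}", model);
        } catch (Exception e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```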

Related Identifiers

BIT-ARTIFACTORY-2020-7931
CVE-2020-7931

Affected Products

Jfrog Artifactory