Critical RCE in dotCMS

Skip to first unread message

Will Ezell

Apr 26, 2022, 12:12:52 PMApr 26
I wanted to share with the dotCMS community that there has been a critical security issue / RCE discovered in dotCMS versions 4.0 to 22.02.  The issue has been fixed in our latest LTS versions,  v22.03, v5.3.8.10 and v21.06.7 and hotfixes are available on our github repo for other affected versions.   A CVE has been filed, though it has not been made public yet.

The issue has already been communicated and remediated for dotCMS Cloud and Enterprise supported customers.

For more information about this issue and steps on how to remediate it, please details on our site at:
Thank you,

Will Ezell


382 NE 191st St #92150
Miami, Florida 33179-3899
305-900-2001 | Direct: 978.294.9429

Reply all
Reply to author
0 new messages