CVE-2019-12440

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.

Date published : 2019-05-29

https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc…bd9ba6a

https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149