| عنوان | simstudioai https://github.com/simstudioai/sim <=1.0.0 Remote Code Execution |
|---|
| الوصف | The RCE vulnerability was discovered on /api/function/execute in latest version of SIM.
The functionality has user-controllable parameter without any blacklist/whitelist filtering
or special character escaping security measures, allowing attackers to execute arbitrary javascript code. |
|---|
| المصدر | ⚠️ https://github.com/simstudioai/sim/issues/961 |
|---|
| المستخدم | ZAST.AI (UID 87884) |
|---|
| ارسال | 31/08/2025 03:24 PM (9 أشهر منذ) |
|---|
| الاعتدال | 08/09/2025 11:55 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 323058 [SimStudioAI sim حتى 1.0.0 route.ts code تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|