| Titel | WuKongOpenSource Wukong_nocode <=latest AviatorScript Inject RCE |
|---|
| Beschreibung | In ExpressionUtil.java, AviatorEvaluator is used to directly execute expression functionality without any configured security policies, leading to potential AviatorScript injection vulnerabilities (which by default can execute arbitrary static methods).
This vulnerability applies to wukongcrm's background no code platform feature
|
|---|
| Quelle | ⚠️ https://github.com/WuKongOpenSource/Wukong_nocode/issues/4 |
|---|
| Benutzer | aftersnow (UID 71336) |
|---|
| Einreichung | 02.07.2024 04:54 (vor 2 Jahren) |
|---|
| Moderieren | 10.07.2024 12:11 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 271051 [WuKongOpenSource Wukong_nocode bis 20230807 AviatorScript ExpressionUtil.java erweiterte Rechte] |
|---|
| Punkte | 18 |
|---|