Enviar #768949: AutohomeCorp frostmourne <=1.0 remote code executioninformación

TítuloAutohomeCorp frostmourne <=1.0 remote code execution
DescripciónA critical remote code execution vulnerability exists in Frostmourne's alarm expression evaluation system. Authenticated administrative users can inject arbitrary JavaScript code via the alarm configuration interface, which is then executed by the Nashorn script engine without validation, leading to complete server compromise.
Fuente⚠️ https://github.com/AnalogyC0de/public_exp/issues/17
Usuario
 Ana10gy (UID 93358)
Sumisión2026-02-27 08:13 (hace 1 mes)
Moderación2026-03-11 14:39 (12 days later)
EstadoAceptado
Entrada de VulDB350397 [AutohomeCorp frostmourne hasta 1.0 Oracle Nashorn JavaScript Engine ExpressionRule.java scriptEngine.eval EXPRESSION escalada de privilegios]
Puntos18

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!