जमा करें #847500: https://github.com/pig-mesh/pig pig v3.9.2 Code Injectionजानकारी

शीर्षकhttps://github.com/pig-mesh/pig pig v3.9.2 Code Injection
विवरणIn pig-mesh version v3.9.2 and prior versions, the pig-codegen module of the PIG microservice platform leverages the Apache Velocity template engine to parse user-defined templates without implementing content sanitization or sandbox isolation for user-controllable template code. Authenticated attackers can abuse the template management API to inject malicious Velocity template payloads, and execute arbitrary operating system commands by abusing Java reflection to bypass access restrictions, leading to remote code execution (RCE).
स्रोत⚠️ https://github.com/sombra0316/CVE-2026/blob/main/pig-mesh/SSIT.md
उपयोगकर्ता
 mercy (UID 98676)
सबमिशन04/06/2026 08:48 AM (1 महीना पहले)
संयम12/07/2026 08:22 AM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि377841 [pig-mesh Pig तक 3.9.2 pig-codegen GeneratorServiceImpl.java अधिकार वृद्धि]
अंक20

Might our Artificial Intelligence support you?

Check our Alexa App!