提出 #847500: https://github.com/pig-mesh/pig pig v3.9.2 Code Injection情報

タイトルhttps://github.com/pig-mesh/pig pig v3.9.2 Code Injection
説明In pig-mesh version v3.9.2 and prior versions, the pig-codegen module of the PIG microservice platform leverages the Apache Velocity template engine to parse user-defined templates without implementing content sanitization or sandbox isolation for user-controllable template code. Authenticated attackers can abuse the template management API to inject malicious Velocity template payloads, and execute arbitrary operating system commands by abusing Java reflection to bypass access restrictions, leading to remote code execution (RCE).
ソース⚠️ https://github.com/sombra0316/CVE-2026/blob/main/pig-mesh/SSIT.md
ユーザー
 mercy (UID 98676)
送信2026年06月04日 08:48 (1 月 ago)
モデレーション2026年07月12日 08:22 (1 month later)
ステータス承諾済み
VulDBエントリ377841 [pig-mesh Pig 迄 3.9.2 pig-codegen GeneratorServiceImpl.java 特権昇格]
ポイント20

Do you need the next level of professionalism?

Upgrade your account now!