| 제목 | WuKongOpenSource Wukong_nocode <=latest AviatorScript Inject RCE |
|---|
| 설명 | In ExpressionUtil.java, AviatorEvaluator is used to directly execute expression functionality without any configured security policies, leading to potential AviatorScript injection vulnerabilities (which by default can execute arbitrary static methods).
This vulnerability applies to wukongcrm's background no code platform feature
|
|---|
| 원천 | ⚠️ https://github.com/WuKongOpenSource/Wukong_nocode/issues/4 |
|---|
| 사용자 | aftersnow (UID 71336) |
|---|
| 제출 | 2024. 07. 02. AM 04:54 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 07. 10. PM 12:11 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 271051 [WuKongOpenSource Wukong_nocode 까지 20230807 AviatorScript ExpressionUtil.java 권한 상승] |
|---|
| 포인트들 | 18 |
|---|