| 제목 | AutohomeCorp frostmourne <=1.0 remote code execution |
|---|
| 설명 | A critical remote code execution vulnerability exists in Frostmourne's alarm expression evaluation system. Authenticated administrative users can inject arbitrary JavaScript code via the alarm configuration interface, which is then executed by the Nashorn script engine without validation, leading to complete server compromise.
|
|---|
| 원천 | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/17 |
|---|
| 사용자 | Ana10gy (UID 93358) |
|---|
| 제출 | 2026. 02. 27. AM 08:13 (1 월 ago) |
|---|
| 모더레이션 | 2026. 03. 11. PM 02:39 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 350397 [AutohomeCorp frostmourne 까지 1.0 Oracle Nashorn JavaScript Engine ExpressionRule.java scriptEngine.eval EXPRESSION 권한 상승] |
|---|
| 포인트들 | 18 |
|---|