제출 #838568: antlr ANTLR4 4.13.2 Code Injection정보

제목antlr ANTLR4 4.13.2 Code Injection
설명ANTLR4 grammar files (.g4) support embedded action blocks — @header { }, @members { }, @init { }, @after { }, and inline { } actions — that are injected verbatim and without sanitization into the generated source code. Any system that accepts .g4 files from untrusted sources and compiles/executes the generated output is fully compromised. The attack requires no special privileges; a single .g4 file causes Remote Code Execution upon class loading.
원천⚠️ https://github.com/wooyun123/wooyun/issues/4
사용자
 jiazhou (UID 89028)
제출2026. 05. 27. AM 10:49 (1 월 ago)
모더레이션2026. 06. 27. PM 08:28 (1 month later)
상태수락
VulDB 항목374495 [antlr ANTLR4 까지 4.13.2 Grammar Action Block OutputFile.java 권한 상승]
포인트들20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!