제출 #847500: https://github.com/pig-mesh/pig pig v3.9.2 Code Injection정보

제목https://github.com/pig-mesh/pig pig v3.9.2 Code Injection
설명In pig-mesh version v3.9.2 and prior versions, the pig-codegen module of the PIG microservice platform leverages the Apache Velocity template engine to parse user-defined templates without implementing content sanitization or sandbox isolation for user-controllable template code. Authenticated attackers can abuse the template management API to inject malicious Velocity template payloads, and execute arbitrary operating system commands by abusing Java reflection to bypass access restrictions, leading to remote code execution (RCE).
원천⚠️ https://github.com/sombra0316/CVE-2026/blob/main/pig-mesh/SSIT.md
사용자
 mercy (UID 98676)
제출2026. 06. 04. AM 08:48 (1 월 ago)
모더레이션2026. 07. 12. AM 08:22 (1 month later)
상태수락
VulDB 항목377841 [pig-mesh Pig 까지 3.9.2 pig-codegen GeneratorServiceImpl.java 권한 상승]
포인트들20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!