| Название | WuKongOpenSource Wukong_nocode <=latest AviatorScript Inject RCE |
|---|
| Описание | In ExpressionUtil.java, AviatorEvaluator is used to directly execute expression functionality without any configured security policies, leading to potential AviatorScript injection vulnerabilities (which by default can execute arbitrary static methods).
This vulnerability applies to wukongcrm's background no code platform feature
|
|---|
| Источник | ⚠️ https://github.com/WuKongOpenSource/Wukong_nocode/issues/4 |
|---|
| Пользователь | aftersnow (UID 71336) |
|---|
| Представление | 02.07.2024 04:54 (2 лет назад) |
|---|
| Модерация | 10.07.2024 12:11 (8 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 271051 [WuKongOpenSource Wukong_nocode до 20230807 AviatorScript ExpressionUtil.java эскалация привилегий] |
|---|
| Баллы | 18 |
|---|