| Название | AutohomeCorp frostmourne <=1.0 remote code execution |
|---|
| Описание | A critical remote code execution vulnerability exists in Frostmourne's alarm expression evaluation system. Authenticated administrative users can inject arbitrary JavaScript code via the alarm configuration interface, which is then executed by the Nashorn script engine without validation, leading to complete server compromise.
|
|---|
| Источник | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/17 |
|---|
| Пользователь | Ana10gy (UID 93358) |
|---|
| Представление | 27.02.2026 08:13 (1 месяц назад) |
|---|
| Модерация | 11.03.2026 14:39 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 350397 [AutohomeCorp frostmourne до 1.0 Oracle Nashorn JavaScript Engine ExpressionRule.java scriptEngine.eval EXPRESSION эскалация привилегий] |
|---|
| Баллы | 18 |
|---|