| Title | WuKongOpenSource Wukong_nocode <=latest AviatorScript Inject RCE |
|---|
| Description | In ExpressionUtil.java, AviatorEvaluator is used to directly execute expression functionality without any configured security policies, leading to potential AviatorScript injection vulnerabilities (which by default can execute arbitrary static methods).
This vulnerability applies to wukongcrm's background no code platform feature
|
|---|
| Source | ⚠️ https://github.com/WuKongOpenSource/Wukong_nocode/issues/4 |
|---|
| User | aftersnow (UID 71336) |
|---|
| Submission | 07/02/2024 04:54 (2 years ago) |
|---|
| Moderation | 07/10/2024 12:11 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 271051 [WuKongOpenSource Wukong_nocode up to 20230807 AviatorScript ExpressionUtil.java deserialization] |
|---|
| Points | 18 |
|---|