Gửi #768949: AutohomeCorp frostmourne <=1.0 remote code executionthông tin

tiêu đềAutohomeCorp frostmourne <=1.0 remote code execution
Mô tảA critical remote code execution vulnerability exists in Frostmourne's alarm expression evaluation system. Authenticated administrative users can inject arbitrary JavaScript code via the alarm configuration interface, which is then executed by the Nashorn script engine without validation, leading to complete server compromise.
Nguồn⚠️ https://github.com/AnalogyC0de/public_exp/issues/17
Người dùng
 Ana10gy (UID 93358)
Đệ trình27/02/2026 08:13 (cách đây 5 các tháng)
Kiểm duyệt11/03/2026 14:39 (12 days later)
Trạng tháiđược chấp nhận
Mục VulDB350397 [AutohomeCorp frostmourne đến 1.0 Oracle Nashorn JavaScript Engine ExpressionRule.java scriptEngine.eval EXPRESSION nâng cao đặc quyền]
điểm18

Do you know our Splunk app?

Download it now for free!