Gửi #847500: https://github.com/pig-mesh/pig pig v3.9.2 Code Injectionthông tin

tiêu đềhttps://github.com/pig-mesh/pig pig v3.9.2 Code Injection
Mô tảIn pig-mesh version v3.9.2 and prior versions, the pig-codegen module of the PIG microservice platform leverages the Apache Velocity template engine to parse user-defined templates without implementing content sanitization or sandbox isolation for user-controllable template code. Authenticated attackers can abuse the template management API to inject malicious Velocity template payloads, and execute arbitrary operating system commands by abusing Java reflection to bypass access restrictions, leading to remote code execution (RCE).
Nguồn⚠️ https://github.com/sombra0316/CVE-2026/blob/main/pig-mesh/SSIT.md
Người dùng
 mercy (UID 98676)
Đệ trình04/06/2026 08:48 (cách đây 1 tháng)
Kiểm duyệt12/07/2026 08:22 (1 month later)
Trạng tháiđược chấp nhận
Mục VulDB377841 [pig-mesh Pig đến 3.9.2 pig-codegen GeneratorServiceImpl.java nâng cao đặc quyền]
điểm20

Do you need the next level of professionalism?

Upgrade your account now!