Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Netflix Titus 注入漏洞
Vulnerability Description
Netflix Conductor是美国Netflix公司的一款基于云的开源业务流程引擎。 Netflix Titus中存在注入漏洞。远程攻击者可利用该漏洞运行任意的Java代码。
CVSS Information
N/A
Vulnerability Type
N/A