Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection in Ballcat Codegen
Vulnerability Description
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Ballcat Codegen 输入验证错误漏洞
Vulnerability Description
BallCat Codegen是一个 BallCat 的代码生成器。 Ballcat Codegen 存在安全漏洞,该漏洞源于攻击者可以通过模板引擎的恶意代码注入来实现远程代码执行。发生这种情况是因为引入了 Velocity 和 freemarker 模板但未完成输入验证。
CVSS Information
N/A
Vulnerability Type
N/A