Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
opencc JFlow WF_CCForm.java Calculate injection
Vulnerability Description
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
JFlow 安全漏洞
Vulnerability Description
JFlow是中国济南驰骋(opencc)开源的一个低代码BPM开发平台。 JFlow存在安全漏洞,该漏洞源于对文件src/main/java/bp/wf/httphandler/WF_CCForm.java中函数Calculate的错误操作,可能导致注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A