漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection
Vulnerability Description
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Warm-Flow 代码注入漏洞
Vulnerability Description
Warm-Flow是Dromara开源的一个工作流引擎。 Warm-Flow 1.8.4及之前版本存在代码注入漏洞,该漏洞源于Workflow Definition Handler组件中文件/warm-flow/save-json的SpelHelper.parseExpression函数对参数listenerPath/skipCondition/permissionFlag处理不当,可能导致代码注入。
CVSS Information
N/A
Vulnerability Type
N/A