5 matches found
EUVD-2023-56109
Malicious code in bioql PyPI...
CVE-2023-51388
Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this...
Design/Logic Flaw
Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this...
CVE-2023-51388 HertzBeat AviatorScript Inject RCE
Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this...
CVE-2023-51388
Hertzbeat real-time monitoring software is affected by CVE-2023-51388 due to direct execution of expressions in CalculateAlarm.java via AviatorEvaluator without a security policy, enabling AviatorScript injection. The issue is tied to Hertzbeat versions prior to 1.4.1; upgrading to version 1.4.1 ...