6 matches found
CVE-2022-25894
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...
com.bstek.uflo:uflo-console (>=2.0.0 <=2.1.5), com.syyai.spring.boot:uflo-spring-boot-starter (=2.1.4) +1 more potentially affected by CVE-2022-25894 via com.bstek.uflo:uflo-core (>=2.0.0 <=2.1.5)
com.bstek.uflo:uflo-core MAVEN version =2.0.0, =2.0.0, =2.0, =2.5.1.v20220215 Source cves: CVE-2022-25894 Source advisory: OSV:GHSA-8M9F-C5P9-WQCH...
CVE-2022-25894
CVE-2022-25894 affects com.bstek.uflo:uflo-core. The vulnerability is an RCE in ExpressionContextImpl via jexl.createExpression(expression).evaluate(context) caused by improper user input validation. Affected versions are not clearly bounded in the provided documents; remediation/version fix info...
CVE-2022-25894
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...
CVE-2022-25894
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...
com.bstek.uflo:uflo-console (>=2.0.0 <=2.1.5), com.syyai.spring.boot:uflo-spring-boot-starter (=2.1.4) +1 more potentially affected by CVE-2022-25894 via com.bstek.uflo:uflo-core (>=2.0.0 <=2.1.5)
com.bstek.uflo:uflo-core MAVEN version =2.0.0, =2.0.0, =2.0, =2.5.1.v20220215 Source cves: CVE-2022-25894 Source advisory: SNYK:JAVA-COMBSTEKUFLO-3091112...