Remote Code Execution (RCE)

uflo-core is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the improper user input validation in the eval function of ExpressionContextImpl.java, allowing an attacker to inject and execute malicious commands...

Remote Code Execution in com.bstek.uflo:uflo-core

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

CVE-2022-25894

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

Input validation

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

CVE-2022-25894

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

CVE-2022-25894

CVE-2022-25894 affects com.bstek.uflo:uflo-core. The vulnerability is an RCE in ExpressionContextImpl via jexl.createExpression(expression).evaluate(context) caused by improper user input validation. Affected versions are not clearly bounded in the provided documents; remediation/version fix info...

PT-2023-12830 · Bstek · Uflo-Core

Name of the Vulnerable Software and Affected Versions: com.bstek.uflo:uflo-core affected versions not specified Description: The issue concerns improper user input validation in the ExpressionContextImpl class, specifically via the jexl.createExpressionexpression.evaluatecontext functionality,...