7 matches found
CVE-2026-42049 jadx: RCE Via Groovy Code Injection in Gradle Export
jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization when exporting a decompiled APK as an Android Gradle project. A malicious APK can break out of the...
CVE-2026-42049 jadx: RCE Via Groovy Code Injection in Gradle Export
jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization when exporting a decompiled APK as an Android Gradle project. A malicious APK can break out of the...
GHSA-825G-MM5V-GGQ4 Apache Syncope allows malicious administrators to inject Groovy code
Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...
EUVD-2022-0603
Malicious code in bioql PyPI...
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
GHSA-GH38-X2WM-XMC8 Code injection in ShenYu
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2021-45029 Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...