2 matches found
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...
CVE-2023-33546
A denial of service vulnerability was found in the janino compiler. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow...