EUVD-2023-0410

Malicious code in bioql PyPI...

CVE-2022-25894

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

Remote Code Execution (RCE)

uflo-core is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the improper user input validation in the eval function of ExpressionContextImpl.java, allowing an attacker to inject and execute malicious commands...

GHSA-8M9F-C5P9-WQCH Remote Code Execution in com.bstek.uflo:uflo-core

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

com.bstek.uflo:uflo-console (>=2.0.0 <=2.1.5), com.syyai.spring.boot:uflo-spring-boot-starter (=2.1.4) +1 more potentially affected by CVE-2022-25894 via com.bstek.uflo:uflo-core (>=2.0.0 <=2.1.5)

com.bstek.uflo:uflo-core MAVEN version =2.0.0, =2.0.0, =2.0, =2.5.1.v20220215 Source cves: CVE-2022-25894 Source advisory: OSV:GHSA-8M9F-C5P9-WQCH...

CVE-2022-25894

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

UFLO 代码注入漏洞

UFLO is a pure Java process engine based on Spring that supports various flow methods such as parallel, dynamic parallel, serial, and countersign. A code injection vulnerability exists in UFLO uflo-core, which stems from incorrect user authentication...

CVE-2022-25894

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

CVE-2022-25894

CVE-2022-25894 affects com.bstek.uflo:uflo-core. The vulnerability is an RCE in ExpressionContextImpl via jexl.createExpression(expression).evaluate(context) caused by improper user input validation. Affected versions are not clearly bounded in the provided documents; remediation/version fix info...

PT-2023-12830 · Bstek · Uflo-Core

Name of the Vulnerable Software and Affected Versions: com.bstek.uflo:uflo-core affected versions not specified Description: The issue concerns improper user input validation in the ExpressionContextImpl class, specifically via the jexl.createExpressionexpression.evaluatecontext functionality,...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation. Remediation There is no fixed version for com.bstek.uflo:uflo-core...

com.bstek.uflo:uflo-console (>=2.0.0 <=2.1.5), com.syyai.spring.boot:uflo-spring-boot-starter (=2.1.4) +1 more potentially affected by CVE-2022-25894 via com.bstek.uflo:uflo-core (>=2.0.0 <=2.1.5)

com.bstek.uflo:uflo-core MAVEN version =2.0.0, =2.0.0, =2.0, =2.5.1.v20220215 Source cves: CVE-2022-25894 Source advisory: SNYK:JAVA-COMBSTEKUFLO-3091112...