9 matches found
Remote Code Execution (RCE)
@nocobase/plugin-workflow-javascript is vulnerable to Remote Code Execution. The vulnerability is due to improper sandbox isolation in the Workflow Script Node, where the exposed console object allows access to host-realm WritableWorkerStdio stream objects via console.stdout and console.stderr,...
EUVD-2026-22122
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...
CVE-2026-6224
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...
CVE-2026-6224
CVE-2026-6224 affects nocobase plugin-workflow-javascript up to version 2.0.23. The vulnerability is in the function createSafeConsole inside packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js, where certain manipulation leads to a sandbox issue. The issue is exploitable remot...
CVE-2026-6224 nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...
CVE-2026-6224
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...
PT-2026-32532
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...
Nocobase 安全漏洞
Nocobase is an open-source low-code platform developed by NocoBase. Versions of Nocobase 2.0.23 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper use of the createSafeConsole function in the...
Improper Control of Dynamically-Managed Code Resources
Overview @nocobase/plugin-workflow-javascript is an Execute a piece of JavaScript in an isolated Node.js environment. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the console object passed into the sandbox context, which exposes...