CVE-2021-32829

ZStack REST API is affected by a post-authentication Remote Code Execution (RCE) vulnerability via bypass of the Groovy sandbox. The GET zstack/v1/batch-queries?script endpoint processes a Groovy script through APIBatchQueryMsg.script, evaluated in BatchQuery.query, with sandboxing applied by San...