unomi-plugins-base is vulnerable to arbitrary code execution. The vulnerability exists due to the lack of checks on the permitted classes to be executed when evaluating a property condition.
unomi.apache.org/security/cve-2020-11975.txt
github.com/apache/unomi/commit/789ae8e820c507866b9c91590feebffa4e996f5e
github.com/apache/unomi/pull/158
lists.apache.org/thread.html/r01021bc4b25c1e98812efca0b07f0e078a6281bd52f7c3817a429d95@%3Ccommits.unomi.apache.org%3E
lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5bb705e9a363460@%3Ccommits.unomi.apache.org%3E