conductor-core is vulnerable to server-side template injection. The vulnerability exists as it was using hibernate-validator
in a custom constraint validator, where user-input that were not properly validated against a validation mapping configuration can reach the error message template, allowing arbitrary code to be interpreted and executed.
CPE | Name | Operator | Version |
---|---|---|---|
conductor-core | le | 2.25.2-alpha.2 | |
conductor-core | le | 2.25.2-alpha.2 |