CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score: 7.9 High
Confidence: High
EPSS: 0.001 Low
Percentile: 42.2%

org.jeasy, easy-rules-mvel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the execution of class files with the same name as the Zer file from the methods `then` and `when` while loading Zer files into an application. An attacker can write a class file with the same name as a Zer file (passed as an argument to the `then` and `when` methods) into the current class path, leading to Remote Code Execution (RCE) when that Zer file is loaded into the application.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | easy rules mvel module | le | 4.1.0 |