Lucene search
GoogleOSV:CVE-2022-24881HistoryApr 26, 2022 - 4:15 p.m.
CVE-2022-24881
2022-04-2616:15:47
Google
osv.dev
6
ballcat codegen
online code editing
template generation
remote code execution
input verification
velocity
freemarker
software security
vulnerability fix
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.
Related
osv
osv
ballcat-codegen template engine remote code execution injection
2022-04-27 21:05:15
nvd
nvd
CVE-2022-24881
2022-04-26 16:15:47
cve
cve
CVE-2022-24881
2022-04-26 16:15:47
github
github
ballcat-codegen template engine remote code execution injection
2022-04-27 21:05:15
prion
prion
Code injection
2022-04-26 16:15:00
redhatcve
redhatcve
CVE-2022-24881
2022-05-18 17:38:42
cvelist
cvelist
CVE-2022-24881 Command Injection in Ballcat Codegen
2022-04-26 16:06:21