OSV:GHSA-FV3M-XHQW-9M79
Apr 27, 2022 - 9:05 p.m.

ballcat-codegen template engine remote code execution injection

2022-04-27 21:05:15
Google
osv.dev
8
Tags: ballcat codegen, template engine, remote code execution, injection, velocity, freemarker, input verification, malicious code, patch, upgrade, software

EPSS: 0.013 (percentile 86.0%)

Impact

Ballcat Codegen lets users edit code online to generate templates.
In versions < 1.0.0.beta.2, Velocity and FreeMarker templates are supported but their input is not validated, so an attacker can achieve remote code execution by injecting malicious code into the template engine.

Patches

The issue has been fixed. Upgrade to the latest version.
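
The page does not describe how the fix works, so the following is an added example and not ballcat-codegen's own code: one way to restrict the two template engines named above before rendering user-edited templates. It assumes FreeMarker 2.3.31 or later and Apache Velocity on the classpath; the class name, method names and sample template are hypothetical.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
import org.apache.velocity.util.introspection.SecureUberspector;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;

public final class RestrictedTemplateEngines {

    // FreeMarker configuration for templates whose source comes from users.
    static Configuration freemarker() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        // Stop the ?new built-in from instantiating any class.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        // Keep the ?api built-in (raw Java API of model objects) switched off.
        cfg.setAPIBuiltinEnabled(false);
        return cfg;
    }

    // Velocity engine that refuses reflection and class-loading calls in templates.
    static VelocityEngine velocity() {
        VelocityEngine engine = new VelocityEngine();
        engine.setProperty(RuntimeConstants.UBERSPECT_CLASSNAME,
                SecureUberspector.class.getName());
        engine.init();
        return engine;
    }

    static String renderFreemarker(String source, Map<String, Object> model) throws Exception {
        Template template = new Template("user-template", new StringReader(source), freemarker());
        StringWriter out = new StringWriter();
        template.process(model, out);
        return out.toString();
    }

    static String renderVelocity(String source, Map<String, Object> model) {
        StringWriter out = new StringWriter();
        velocity().evaluate(new VelocityContext(model), out, "user-template", source);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a benign template and a data model of plain values only.
        Map<String, Object> model = Map.of("tableName", "sys_user");
        System.out.println(renderFreemarker("class ${tableName}Entity {}", model));
        System.out.println(renderVelocity("class ${tableName}Entity {}", model));
    }
}
```

These settings narrow what a template can reach but do not replace validating who may edit templates. Keep the data model limited to strings, numbers and collections, because both engines can call methods on any object placed in it.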
