Lucene search
Redhat.comRH:CVE-2022-24881HistoryMay 18, 2022 - 5:38 p.m.
CVE-2022-24881
2022-05-1817:38:42
redhat.com
access.redhat.com
33
ballcat codegen
remote code execution
malicious injection
velocity templates
freemarker templates
input verification
EPSS
0.013
Percentile
86.0%
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.
Related
osv
osv
CVE-2022-24881
2022-04-26 16:15:47
ballcat-codegen template engine remote code execution injection
2022-04-27 21:05:15
nvd
nvd
CVE-2022-24881
2022-04-26 16:15:47
cve
cve
CVE-2022-24881
2022-04-26 16:15:47
github
github
ballcat-codegen template engine remote code execution injection
2022-04-27 21:05:15
prion
prion
Code injection
2022-04-26 16:15:00
cvelist
cvelist
CVE-2022-24881 Command Injection in Ballcat Codegen
2022-04-26 16:06:21