Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.
References
Link | Resource |
---|---|
https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b | Patch Third Party Advisory |
https://github.com/ballcat-projects/ballcat-codegen/issues/5 | Issue Tracking Patch Third Party Advisory |
https://github.com/ballcat-projects/ballcat-codegen/security/advisories/GHSA-fv3m-xhqw-9m79 | Exploit Patch Third Party Advisory |
https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b | Patch Third Party Advisory |
https://github.com/ballcat-projects/ballcat-codegen/issues/5 | Issue Tracking Patch Third Party Advisory |
https://github.com/ballcat-projects/ballcat-codegen/security/advisories/GHSA-fv3m-xhqw-9m79 | Exploit Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 06:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b - Patch, Third Party Advisory | |
References | () https://github.com/ballcat-projects/ballcat-codegen/issues/5 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/ballcat-projects/ballcat-codegen/security/advisories/GHSA-fv3m-xhqw-9m79 - Exploit, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 8.8 |
06 May 2022, 13:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (CONFIRM) https://github.com/ballcat-projects/ballcat-codegen/security/advisories/GHSA-fv3m-xhqw-9m79 - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://github.com/ballcat-projects/ballcat-codegen/issues/5 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b - Patch, Third Party Advisory | |
CWE | CWE-20 | |
CPE | cpe:2.3:a:ballcat:codegen:*:*:*:*:*:*:*:* |
26 Apr 2022, 17:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-26 16:15
Updated : 2024-11-21 06:51
NVD link : CVE-2022-24881
Mitre link : CVE-2022-24881
CVE.ORG link : CVE-2022-24881
JSON object : View
Products Affected
ballcat
- codegen