CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2022-25894
https://notcve.org/view.php?id=CVE-2022-25894
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation. Todas las versiones del paquete com.bstek.uflo:uflo-core son vulnerables a la ejecución remota de código (RCE) en la clase ExpressionContextImpl a través de jexl.createExpression(expression).evaluate(context); functionality, debido a una validación inadecuada de la entrada del usuario. • https://fmyyy1.github.io/2022/10/23/uflo2rce https://github.com/youseries/uflo/blob/b3e198bc6523e5a6ba69edd84ba10e05a3b78726/uflo-core/src/main/java/com/bstek/uflo/expr/impl/ExpressionContextImpl.java%23L126 https://security.snyk.io/vuln/SNYK-JAVA-COMBSTEKUFLO-3091112 • CWE-94: Improper Control of Generation of Code ('Code Injection') •