CVE-2024-0738 – 个人开源 mldong DecisionModel.java ExpressionEngine code injection

https://notcve.org/view.php?id=CVE-2024-0738

19 Jan 2024 — A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •