1 results (0.002 seconds)
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1
CVE-2023-7148 – ShifuML shifu Java Expression Language DataPurifier.java code injection
https://notcve.org/view.php?id=CVE-2023-7148
A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. • https://drive.google.com/file/d/1ST3dD-iwUBgBNZ8tGaBbqVi1zRh5rLND/view https://vuldb.com/?ctiid.249151 https://vuldb.com/?id.249151 • CWE-94: Improper Control of Generation of Code ('Code Injection') •