Recent Vulnerabilities Research Posts Trends Blog About Contact

By Relevance

By Risk Score

By Publish Date

By Recent Activity

9.8

CVSSv3

Published: 26/01/2023 Updated: 02/02/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Subscribe to Uflo

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
uflo project uflo

CWE-20 https://security.snyk.io/vuln/SNYK-JAVA-COMBSTEKUFLO-3091112 https://fmyyy1.github.io/2022/10/23/uflo2rce/https://github.com/youseries/uflo/blob/b3e198bc6523e5a6ba69edd84ba10e05a3b78726/uflo-core/src/main/java/com/bstek/uflo/expr/impl/ExpressionContextImpl.java%23L126 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-25894

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

References

Vulmon Search

About

Products

Connect