cve/CVE-2023-51388.md at 694ac234a19db48cd3b1f78eb5f461ab1f6c99f7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this vulnerability.

POC

Reference

No PoCs from references.

Github

https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/luelueking/luelueking

970 B Raw Blame History

CVE-2023-51388

Description

POC

Reference

Github

970 B

Raw Blame History