CVE-2022-25894

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:uflo_project:uflo:*:*:*:*:*:*:*:*

Information

Published : 2023-01-26 13:15

Updated : 2023-02-02 10:24


NVD link : CVE-2022-25894

Mitre link : CVE-2022-25894


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

uflo_project

  • uflo