Skip to main content

Improper Input Validation

CVE-2022-24881

Severity High
Score 9.8/10

Summary

Ballcat Codegen provides the function of online editing code to generate templates. In Ballcat Codegen, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Advisory Timeline

  • Published