Search criteria
2 vulnerabilities found for Wukong_nocode by WuKongOpenSource
CVE-2024-6645 (GCVE-0-2024-6645)
Vulnerability from cvelistv5 – Published: 2024-07-10 17:00 – Updated: 2024-08-01 21:41
VLAI?
Title
WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization
Summary
A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-502 - Deserialization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WuKongOpenSource | Wukong_nocode |
Affected:
20230807
|
Credits
aftersnow (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wukongopensource:wukong_nocode:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wukong_nocode",
"vendor": "wukongopensource",
"versions": [
{
"lessThan": "20230807",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6645",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:00:04.114008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:01:24.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-271051 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.271051"
},
{
"name": "VDB-271051 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.271051"
},
{
"name": "Submit #367349 | WuKongOpenSource Wukong_nocode \u003c=latest AviatorScript Inject RCE",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.367349"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/WuKongOpenSource/Wukong_nocode/issues/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"AviatorScript Handler"
],
"product": "Wukong_nocode",
"vendor": "WuKongOpenSource",
"versions": [
{
"status": "affected",
"version": "20230807"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "aftersnow (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051."
},
{
"lang": "de",
"value": "In WuKongOpenSource Wukong_nocode bis 20230807 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei ExpressionUtil.java der Komponente AviatorScript Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:00:05.966Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-271051 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.271051"
},
{
"name": "VDB-271051 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.271051"
},
{
"name": "Submit #367349 | WuKongOpenSource Wukong_nocode \u003c=latest AviatorScript Inject RCE",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.367349"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/WuKongOpenSource/Wukong_nocode/issues/4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-10T12:16:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6645",
"datePublished": "2024-07-10T17:00:05.966Z",
"dateReserved": "2024-07-10T10:10:51.793Z",
"dateUpdated": "2024-08-01T21:41:04.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6645 (GCVE-0-2024-6645)
Vulnerability from nvd – Published: 2024-07-10 17:00 – Updated: 2024-08-01 21:41
VLAI?
Title
WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization
Summary
A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-502 - Deserialization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WuKongOpenSource | Wukong_nocode |
Affected:
20230807
|
Credits
aftersnow (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wukongopensource:wukong_nocode:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wukong_nocode",
"vendor": "wukongopensource",
"versions": [
{
"lessThan": "20230807",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6645",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:00:04.114008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:01:24.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-271051 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.271051"
},
{
"name": "VDB-271051 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.271051"
},
{
"name": "Submit #367349 | WuKongOpenSource Wukong_nocode \u003c=latest AviatorScript Inject RCE",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.367349"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/WuKongOpenSource/Wukong_nocode/issues/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"AviatorScript Handler"
],
"product": "Wukong_nocode",
"vendor": "WuKongOpenSource",
"versions": [
{
"status": "affected",
"version": "20230807"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "aftersnow (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051."
},
{
"lang": "de",
"value": "In WuKongOpenSource Wukong_nocode bis 20230807 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei ExpressionUtil.java der Komponente AviatorScript Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:00:05.966Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-271051 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.271051"
},
{
"name": "VDB-271051 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.271051"
},
{
"name": "Submit #367349 | WuKongOpenSource Wukong_nocode \u003c=latest AviatorScript Inject RCE",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.367349"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/WuKongOpenSource/Wukong_nocode/issues/4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-10T12:16:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6645",
"datePublished": "2024-07-10T17:00:05.966Z",
"dateReserved": "2024-07-10T10:10:51.793Z",
"dateUpdated": "2024-08-01T21:41:04.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}