Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Wukong_nocode by WuKongOpenSource

    CVE-2024-6645 (GCVE-0-2024-6645)

    Vulnerability from nvd – Published: 2024-07-10 17:00 – Updated: 2024-08-01 21:41
    VLAI
    Title
    WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization
    Summary
    A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.271051 vdb-entry
    https://vuldb.com/?ctiid.271051 signaturepermissions-required
    https://vuldb.com/?submit.367349 third-party-advisory
    https://github.com/WuKongOpenSource/Wukong_nocode… exploitissue-tracking
    Impacted products
    Vendor Product Version
    WuKongOpenSource Wukong_nocode Affected: 20230807
    Create a notification for this product.
    wukongopensource wukong_nocode Affected: 0 , < 20230807 (custom)
        cpe:2.3:a:wukongopensource:wukong_nocode:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    aftersnow (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wukongopensource:wukong_nocode:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wukong_nocode",
                "vendor": "wukongopensource",
                "versions": [
                  {
                    "lessThan": "20230807",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6645",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-11T15:00:04.114008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-11T15:01:24.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:41:04.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-271051 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.271051"
              },
              {
                "name": "VDB-271051 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.271051"
              },
              {
                "name": "Submit #367349 | WuKongOpenSource Wukong_nocode \u003c=latest AviatorScript Inject RCE",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.367349"
              },
              {
                "tags": [
                  "exploit",
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/WuKongOpenSource/Wukong_nocode/issues/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "AviatorScript Handler"
              ],
              "product": "Wukong_nocode",
              "vendor": "WuKongOpenSource",
              "versions": [
                {
                  "status": "affected",
                  "version": "20230807"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "aftersnow (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051."
            },
            {
              "lang": "de",
              "value": "In WuKongOpenSource Wukong_nocode bis 20230807 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei ExpressionUtil.java der Komponente AviatorScript Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-10T17:00:05.966Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-271051 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.271051"
            },
            {
              "name": "VDB-271051 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.271051"
            },
            {
              "name": "Submit #367349 | WuKongOpenSource Wukong_nocode \u003c=latest AviatorScript Inject RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.367349"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/WuKongOpenSource/Wukong_nocode/issues/4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-10T12:16:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-6645",
        "datePublished": "2024-07-10T17:00:05.966Z",
        "dateReserved": "2024-07-10T10:10:51.793Z",
        "dateUpdated": "2024-08-01T21:41:04.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6645 (GCVE-0-2024-6645)

    Vulnerability from cvelistv5 – Published: 2024-07-10 17:00 – Updated: 2024-08-01 21:41
    VLAI
    Title
    WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization
    Summary
    A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.271051 vdb-entry
    https://vuldb.com/?ctiid.271051 signaturepermissions-required
    https://vuldb.com/?submit.367349 third-party-advisory
    https://github.com/WuKongOpenSource/Wukong_nocode… exploitissue-tracking
    Impacted products
    Vendor Product Version
    WuKongOpenSource Wukong_nocode Affected: 20230807
    Create a notification for this product.
    wukongopensource wukong_nocode Affected: 0 , < 20230807 (custom)
        cpe:2.3:a:wukongopensource:wukong_nocode:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    aftersnow (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wukongopensource:wukong_nocode:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wukong_nocode",
                "vendor": "wukongopensource",
                "versions": [
                  {
                    "lessThan": "20230807",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6645",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-11T15:00:04.114008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-11T15:01:24.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:41:04.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-271051 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.271051"
              },
              {
                "name": "VDB-271051 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.271051"
              },
              {
                "name": "Submit #367349 | WuKongOpenSource Wukong_nocode \u003c=latest AviatorScript Inject RCE",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.367349"
              },
              {
                "tags": [
                  "exploit",
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/WuKongOpenSource/Wukong_nocode/issues/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "AviatorScript Handler"
              ],
              "product": "Wukong_nocode",
              "vendor": "WuKongOpenSource",
              "versions": [
                {
                  "status": "affected",
                  "version": "20230807"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "aftersnow (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051."
            },
            {
              "lang": "de",
              "value": "In WuKongOpenSource Wukong_nocode bis 20230807 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei ExpressionUtil.java der Komponente AviatorScript Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-10T17:00:05.966Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-271051 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.271051"
            },
            {
              "name": "VDB-271051 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.271051"
            },
            {
              "name": "Submit #367349 | WuKongOpenSource Wukong_nocode \u003c=latest AviatorScript Inject RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.367349"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/WuKongOpenSource/Wukong_nocode/issues/4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-10T12:16:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-6645",
        "datePublished": "2024-07-10T17:00:05.966Z",
        "dateReserved": "2024-07-10T10:10:51.793Z",
        "dateUpdated": "2024-08-01T21:41:04.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }