Ballcat Codegen provides a feature for editing code online to generate templates. In versions prior to 1.0.0.beta.2, attackers can achieve remote code execution by injecting malicious code into templates processed by the template engine (code injection, CWE-94). This happens because the Velocity and FreeMarker template engines were introduced without validating the template input. The issue is fixed in version 1.0.0.beta.2.
{
"cwe_ids": [
"CWE-94"
],
"cna_assigner": "GitHub_M",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24881.json"
}[
{
"digest": {
"function_hash": "268359636321767829351246379969425549917",
"length": 174.0
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/FreemarkerTemplateEngine.java",
"function": "FreemarkerTemplateEngine"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-2593fcc3",
"signature_type": "Function",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"234134560984276621895320756507245577668",
"148963788686942874614114649115514049133",
"155035931149909092157521698132231718332",
"275010295560069994165358177397566320826",
"132994481990010870243098997219648431729",
"126107153992021623298783028478232518577",
"109926973399220610793859467313970196766",
"100653271508766988307467820012946001776",
"272883831588502879667328856230896099686",
"263864988524298918468037688674343029600",
"333892833021615669095579162575845625645",
"109939881253094988124819967400976343414"
]
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/VelocityTemplateEngine.java"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-396d4b96",
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"98172510733928771810096167004201156684",
"305411929898620090666432381827330240868",
"176933965498945347436876851534949567706",
"310971221693553274530187644183859550591",
"316380899240359274385228718350499067246",
"98289848406721316335490937920370190157",
"14792397911355069099523891823646204635",
"164601396576909617741530110946270550760"
]
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/TemplateEngineDelegator.java"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-42023f9c",
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"174484822171544603087399424341332984527",
"162667292511953734973925541629434554851",
"290448580048774824116490443626424243373"
]
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/TemplateEngine.java"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-546b74c0",
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"function_hash": "52435463313426765454469474319647260862",
"length": 277.0
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/VelocityTemplateEngine.java",
"function": "render"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-94547922",
"signature_type": "Function",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"69483613081468613543445426328303368864",
"36438614584385941210884747448770916925"
]
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/exception/TemplateRenderException.java"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-96da9328",
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"250585262133210953946513329031772331752",
"134910733303387190549934447795714817665",
"293350138378466035793875910915592667967",
"208612590474977117809204822266374794946",
"145696273910342682621638822963288021670",
"240921542302408156658785013612915104255",
"37813876043140401255226098691104815311",
"139806870730316257518982475253816745107",
"66961059764731091957631846763854467393",
"95676919142726730369648424849541225512",
"200443117803618873210839762664992753240",
"231869917703128285901573361874340199178",
"168922864155893486876018712225355990423",
"172382416263638147303740064008417234877",
"140598070891762432854317952695315699339",
"38320078439899735705734000785416066966",
"158367180492702269996389707722189704620",
"27384034306656464614672575389444524949",
"185454599727129911382537950507323593486",
"330504917400955660344826409819760539396",
"55379758793521553371733829710874338817",
"60890997973801881132662729157743834766"
]
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/service/impl/GeneratorServiceImpl.java"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-b75e10dd",
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"18981661583949258593576519141464446040",
"28705482360011945520074287175111811255",
"214904484643721471114561675075445010810",
"148487772419766328416056550131636430786",
"56486244197144233950112880473205819860",
"301049615636552986382034872450720506147"
]
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/FreemarkerTemplateEngine.java"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-bdd9a814",
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"function_hash": "194634262403594128936070828075121641498",
"length": 276.0
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/TemplateEngineDelegator.java",
"function": "render"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-e1f31768",
"signature_type": "Function",
"signature_version": "v1"
},
{
"digest": {
"function_hash": "195558779172741709446231723077458695747",
"length": 1020.0
},
"target": {
"file": "ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/service/impl/GeneratorServiceImpl.java",
"function": "generatorCode"
},
"deprecated": false,
"source": "https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b",
"id": "CVE-2022-24881-f1fe921d",
"signature_type": "Function",
"signature_version": "v1"
}
]