GHSA-xpv2-8ppj-79hh

Suggest an improvement
Source
https://github.com/advisories/GHSA-xpv2-8ppj-79hh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-xpv2-8ppj-79hh/GHSA-xpv2-8ppj-79hh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xpv2-8ppj-79hh
Aliases
Published
2021-10-04T20:14:31Z
Modified
2024-02-20T20:15:59.822052Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Expression injection in AviatorScript
Details

AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).

References

Affected packages

Maven / com.googlecode.aviator:aviator

Package

Name
com.googlecode.aviator:aviator
View open source insights on deps.dev
Purl
pkg:maven/com.googlecode.aviator/aviator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.1
Last affected
5.2.7

Affected versions

5.*

5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7