Deserialization Vulnerability in WuKongOpenSource Wukong_nocode Product
CVE-2024-6645

Currently unrated

Key Information:

Vendor
CVE Published:
10 July 2024

What is CVE-2024-6645?

A vulnerability exists in the WuKongOpenSource Wukong_nocode product due to an unknown functionality within the ExpressionUtil.java component of the AviatorScript Handler. This flaw enables attackers to perform deserialization, which can potentially lead to exploitation. The vulnerability can be triggered remotely, allowing for unauthorized control and manipulation without the need for physical access. As the affected product does not utilize versioning, detailed information on impacted or fixed versions is unavailable, which complicates assessment and mitigation efforts.

References

Timeline

  • Vulnerability published

.
CVE-2024-6645 : Deserialization Vulnerability in WuKongOpenSource Wukong_nocode Product