Deserialization Vulnerability in WuKongOpenSource Wukong_nocode Product
CVE-2024-6645
Currently unrated
What is CVE-2024-6645?
A vulnerability exists in the WuKongOpenSource Wukong_nocode product due to an unknown functionality within the ExpressionUtil.java component of the AviatorScript Handler. This flaw enables attackers to perform deserialization, which can potentially lead to exploitation. The vulnerability can be triggered remotely, allowing for unauthorized control and manipulation without the need for physical access. As the affected product does not utilize versioning, detailed information on impacted or fixed versions is unavailable, which complicates assessment and mitigation efforts.