Deserialization Vulnerability in WuKongOpenSource Wukong_nocode Product
CVE-2024-6645

Currently unrated

Key Information:

Vendor: WuKongOpenSource
Status: Wukong_nocode
Vendor: CVE Published:; 10 July 2024

🔔 Create WuKongOpenSource Vulnerability Alert

What is CVE-2024-6645?

A vulnerability exists in the WuKongOpenSource Wukong_nocode product due to an unknown functionality within the ExpressionUtil.java component of the AviatorScript Handler. This flaw enables attackers to perform deserialization, which can potentially lead to exploitation. The vulnerability can be triggered remotely, allowing for unauthorized control and manipulation without the need for physical access. As the affected product does not utilize versioning, detailed information on impacted or fixed versions is unavailable, which complicates assessment and mitigation efforts.

References

https://vuldb.com/?id.271051

https://vuldb.com/?ctiid.271051

https://vuldb.com/?submit.367349

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2024