CVE-2023-7148 | ShifuML shifu 0.12.0 Java Expression Language DataPurifier.java FilterExpression code injection

Posted by Angelo Barbosa | Dec 28, 2023 | CVE

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection.

This vulnerability is known as CVE-2023-7148. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2023-7148 | ShifuML shifu 0.12.0 Java Expression Language DataPurifier.java FilterExpression code injection

Related Posts

CVE-2022-48929 | Linux Kernel up to 5.15.36/5.16.11 bpf reg2btf_ids null pointer dereference (8c39925e98d4/f0ce1bc9e023/45ce4b4f9009)

CVE-2024-43214 | myCred Plugin up to 2.7.2 on WordPress information disclosure

CVE-2024-33270 | FME Modules fileuploads Module up to 2.0.3/2.0.4 on PrestaShop uploadfiles.php information disclosure

CVE-2024-0469 | code-projects Human Resource Integrated System 1.0 update_personal_info.php sex sql injection