PT-2022-16954 · Unknown+1 · Ballcat Codegen+2
Luckyt0Mat0 · Published 2022-04-26 · Updated 2022-05-06 · CVE-2022-24881
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ballcat Codegen versions prior to 1.0.0.beta.2

Description
Ballcat Codegen lets users edit code-generation templates online. In versions prior to 1.0.0.beta.2, the template text entered through this editor is handed to the Velocity and FreeMarker template engines without any input validation, so a low-privileged authenticated user (CVSS PR:L) can inject template directives that the engine evaluates on the server and thereby achieve remote code execution (server-side template injection).

Recommendations
Upgrade to version 1.0.0.beta.2 or later. Until the upgrade is applied, disable the online template editing function, or restrict the authoring of Velocity and FreeMarker templates to trusted users.
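The following Java example is added here to make the description and the recommendation concrete; it is not code from Ballcat Codegen or from the Velocity/FreeMarker projects. It assumes FreeMarker 2.3.x and Velocity 2.x on the classpath, hypothetical method names (renderFreeMarkerUnsafe, renderFreeMarkerHardened, renderVelocityHardened), and a constructed data model and sample templates. It places the vulnerable pattern (a user-supplied template string rendered by an engine left in its default, fully trusting configuration) beside the engine-level hardening a maintainer would add as defence in depth.

```java
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;

/**
 * Added illustration for this advisory, not Ballcat Codegen code.
 * Each method renders a template string that, in the vulnerable scenario,
 * arrives in an HTTP request from a low-privileged user.
 */
public class TemplateInjectionDemo {

    /** Vulnerable pattern: untrusted template text, engine in its default configuration. */
    static String renderFreeMarkerUnsafe(String userTemplate, Map<String, Object> model)
            throws IOException, TemplateException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        // No class-resolver restriction: the ?new built-in may instantiate any
        // TemplateModel on the classpath, including FreeMarker's own
        // freemarker.template.utility.Execute, which runs OS commands.
        Template t = new Template("user-template", new StringReader(userTemplate), cfg);
        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }

    /** Hardened pattern: tell FreeMarker that the template author is untrusted. */
    static String renderFreeMarkerHardened(String userTemplate, Map<String, Object> model)
            throws IOException, TemplateException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        // ?new and ?api now raise a TemplateException instead of resolving a class.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        cfg.setAPIBuiltinEnabled(false); // already the default; stated explicitly
        Template t = new Template("user-template", new StringReader(userTemplate), cfg);
        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }

    /** Velocity equivalent: replace the default uberspector with SecureUberspector. */
    static String renderVelocityHardened(String userTemplate, Map<String, Object> model) {
        VelocityEngine ve = new VelocityEngine();
        // The default uberspector lets a template reach java.lang.Class (and from
        // there ClassLoader or Runtime) from any context object via $obj.class.
        // SecureUberspector refuses the classes and packages listed in the
        // introspector.restrict.classes / introspector.restrict.packages
        // properties, whose defaults include java.lang.Class, java.lang.ClassLoader,
        // java.lang.Runtime, java.lang.System and the java.lang.reflect package.
        ve.setProperty(RuntimeConstants.UBERSPECT_CLASSNAME,
                "org.apache.velocity.util.introspection.SecureUberspector");
        ve.init();
        StringWriter out = new StringWriter();
        ve.evaluate(new VelocityContext(model), out, "user-template", userTemplate);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed data model, as a code generator might supply it.
        Map<String, Object> model = new HashMap<>();
        model.put("entity", "User");

        // Constructed sample templates. The second has the ?new shape that the
        // FreeMarker manual itself warns about; it is used here only to show
        // that the hardened configuration refuses it.
        String benign = "public class ${entity}Service {}";
        String hostile = "<#assign ex=\"freemarker.template.utility.Execute\"?new()>${ex(\"id\")}";

        System.out.println(renderFreeMarkerUnsafe(benign, model));   // public class UserService {}
        System.out.println(renderFreeMarkerHardened(benign, model)); // same output
        System.out.println(renderVelocityHardened(benign, model));   // same output

        try {
            renderFreeMarkerHardened(hostile, model);
            System.out.println("hardened renderer evaluated ?new (unexpected)");
        } catch (TemplateException e) {
            System.out.println("hardened renderer refused ?new: " + e.getMessage());
        }
        // renderFreeMarkerUnsafe(hostile, model) is deliberately not called: with the
        // default Configuration it would execute `id` on the server.
    }
}
```

Two caveats belong with this example. First, FreeMarker and Velocity are designed on the assumption that template authors are as trusted as application code, so the resolver and uberspector settings above reduce the attack surface but do not turn untrusted template authoring into a safe feature; the advisory's actual remedy is the upgrade and, as a workaround, limiting who may author templates. Second, ALLOWS_NOTHING_RESOLVER also breaks legitimate templates that use ?new, so a product that needs that built-in would have to substitute an allow-list resolver of its own rather than disable the check.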

Exploit · Fix · Code Injection · OS Command Injection · RCE


Weakness Enumeration

Related Identifiers

CVE-2022-24881
GHSA-FV3M-XHQW-9M79

Affected Products

Ballcat Codegen
Velocity
FreeMarker