PT-2026-24899 · Autohomecorp · Frostmourne
Ana10Gy
+1
·
Published
2026-03-12
·
Updated
2026-03-12
·
CVE-2026-3968
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
AutohomeCorp frostmourne version 1.0
Description
A security issue exists in AutohomeCorp frostmourne that allows for code injection. This occurs due to manipulation of the
EXPRESSION argument within the scriptEngine.eval function located in the ExpressionRule.java file of the Oracle Nashorn JavaScript Engine component. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. The vendor was informed of this disclosure but did not respond.Recommendations
AutohomeCorp frostmourne version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Frostmourne