CVE-2024-12652

Severity CVSS v4.0:
CRITICAL
Type:
CWE-94 Code Injection
Publication date:
26/12/2024
Last modified:
26/12/2024

Description

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.

References to Advisories, Solutions, and Tools