Weibocom Rill-Flow Code Injection Vulnerability in Management Console Allowing Remote Code Execution
Vulnerability
A critical code injection vulnerability has been identified in Weibocom Rill-Flow version 0.1.18. The flaw is in an unspecified function of the Management Console component and lets an attacker inject code that is then executed remotely. The vulnerability has been publicly disclosed, and exploiting it escalates a web user's privileges to machine-level rights.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where Rill-Flow is running.
Reproduction
To reproduce this vulnerability, create a process list in the Rill-Flow management console and set the input mappings of its nodes so that they are processed as Aviator expressions. This can be done by importing a specially crafted YAML file that includes the payload for the code execution. Once the process is saved and executed, the injected code runs on the server, demonstrating the remote code execution vulnerability.
Remediation
When using Aviator, configure it to block the loading of external classes by setting the whitelist to empty.
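The remediation above, sketched as an added example that is not Rill-Flow's own code: it builds an Aviator evaluator with an empty class allow-list and evaluates two constructed input-mapping expressions. The class name `HardenedAviator` and both expressions are assumptions for illustration, as is an Aviator release that provides `Options.ALLOWED_CLASS_SET`; where Rill-Flow creates its evaluator is not stated on this page.

```java
import com.googlecode.aviator.AviatorEvaluator;
import com.googlecode.aviator.AviatorEvaluatorInstance;
import com.googlecode.aviator.Options;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

// Hypothetical class name; illustrates the empty allow-list remediation.
public class HardenedAviator {

    // A dedicated evaluator instance whose class allow-list is empty.
    // Aviator's default for this option is null, which allows every class.
    static AviatorEvaluatorInstance newHardenedInstance() {
        AviatorEvaluatorInstance aviator = AviatorEvaluator.newInstance();
        aviator.setOption(Options.ALLOWED_CLASS_SET, Collections.emptySet());
        return aviator;
    }

    // Evaluate one input-mapping expression and report the outcome
    // instead of letting a rejected expression abort the caller.
    static String tryEval(AviatorEvaluatorInstance aviator, String expr,
                          Map<String, Object> env) {
        try {
            return "ok: " + aviator.execute(expr, env);
        } catch (RuntimeException e) {
            // Aviator rejects class references outside the allow-list
            // with a runtime exception raised during execution.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        AviatorEvaluatorInstance aviator = newHardenedInstance();

        // Constructed sample context for a node's input mapping.
        Map<String, Object> env = new HashMap<>();
        env.put("retries", 2L);
        env.put("limit", 5L);

        // Plain data expression: needs no Java class, still evaluates.
        System.out.println(tryEval(aviator, "retries + 1 <= limit", env));

        // Constructed, benign class reference: no class is allow-listed,
        // so the evaluator refuses to instantiate it.
        System.out.println(tryEval(aviator, "new java.util.Date()", env));
    }
}
```

Every code path that evaluates user-supplied mappings has to use the hardened instance; an evaluator left on the default option value still allows all classes.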
