Oinone Pamirs Code Execution Vulnerability in ScriptRunner Component

Vulnerability

A remote code execution vulnerability has been identified in Oinone Pamirs version 7.0.0. The issue arises in the ScriptRunner component, specifically within the ScriptRunner.run method, which evaluates script expressions controlled by attackers. This evaluation is done through the underlying script engine, such as Groovy, without any sandboxing or allowlist restrictions. As a result, untrusted input can be executed as arbitrary code in the application process, potentially leading to unauthorized file access, configuration disclosure, network access, or execution of operating system commands with the privileges of the running service.
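The missing allowlist restriction described above can be illustrated with a gate that runs before any expression reaches a script engine. This is an added example, not code from Oinone Pamirs or from the 7.2.3 fix (the page shows neither); the class name `ExpressionAllowlist`, the variable names and the sample expressions are hypothetical, and it assumes expressions only need arithmetic, comparison and boolean logic over a fixed set of variables.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class): allowlist gate for expressions headed to a script engine.
public class ExpressionAllowlist {
    // Only these token shapes pass: number, identifier, '(', ')', operator.
    // Anything else ('.', quotes, '{', '[', ';', '$', '=') fails to tokenize and is rejected.
    private static final Pattern TOKEN = Pattern.compile(
        "\\s*(?:(\\d+(?:\\.\\d+)?)|([A-Za-z_][A-Za-z0-9_]*)|(\\()|(\\))"
        + "|(<=|>=|==|!=|&&|\\|\\||[-+*/%<>!]))");
    private static final Set<String> LITERALS = Set.of("true", "false", "null");
    private static final int MAX_LENGTH = 256; // assumed limit for this example

    public static boolean isAllowed(String expr, Set<String> allowedVars) {
        if (expr == null || expr.isBlank() || expr.length() > MAX_LENGTH) return false;
        Matcher m = TOKEN.matcher(expr);
        int pos = 0;
        boolean prevOperand = false;
        while (pos < expr.length()) {
            if (expr.substring(pos).isBlank()) break;      // only trailing whitespace left
            m.region(pos, expr.length());
            if (!m.lookingAt()) return false;              // character outside the allowlist
            boolean isNumber = m.group(1) != null;
            String ident = m.group(2);
            boolean opensGroup = m.group(3) != null;
            boolean closesGroup = m.group(4) != null;
            // Two operands in a row would be a call or command form: a(b), a b, (a)(b).
            if (prevOperand && (isNumber || ident != null || opensGroup)) return false;
            // Identifiers must be a declared variable or a plain literal keyword.
            if (ident != null && !allowedVars.contains(ident) && !LITERALS.contains(ident)) return false;
            prevOperand = isNumber || ident != null || closesGroup;
            pos = m.end();
        }
        return true;
    }

    public static void main(String[] args) {
        Set<String> vars = Set.of("amount", "limit");   // constructed variable names
        String[] samples = {                            // constructed sample expressions
            "amount > limit * 2", "!(amount == 0) && limit >= 10",
            "amount.class", "amount(1)", "unknownVar + 1", "\"text\" + amount" };
        for (String s : samples)
            System.out.println((isAllowed(s, vars) ? "ALLOW   " : "REJECT  ") + s);
    }
}
```

The gate limits what an expression can say; it does not bound evaluation cost, so engine-side time and resource limits still apply.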

Impact

Exploitation of this vulnerability allows for arbitrary code execution in the server-side application context.

Remediation

Users can upgrade to Oinone Pamirs version 7.2.3, where this vulnerability has been fixed.

Added: May 15, 2026, 3:24 PM
Updated: May 15, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.3
remediation: 0.0
relevance: 8.4
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.