Approved changes feed: RSS · Atom
cpe:2.3:a:dromara:warm-flow:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Dromara (b947c778-a342-54de-aeca-3412ce9a5af8) |
|---|---|
| Product | Warm Flow (fd6c0081-4118-56f3-a9dd-f6404535e492) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-6125 |
vulnerable | 2026-06-08 08:07:04.482603 |
Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection
MEDIUM (6.3)
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Published: 2026-04-12T09:30:22.132Z
Updated: 2026-04-13T17:47:46.421Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.