CNNVD-202506-3774 Information
CNNVD ID
CNNVD-202506-3774
Related CVE
- CNNVD Published: 2025-06-30
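Description (translated from Chinese)
Conductor is an event-driven orchestration platform from the Orkes community. Conductor v3.21.11 contains a security vulnerability that stems from unrestricted access to Java classes and may lead to the execution of arbitrary OS commands.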
Description (English)
Conductor is an event-driven orchestration platform from the Orkes community. Conductor v3.21.11 contains a security vulnerability that stems from unrestricted access to Java classes and may result in the execution of arbitrary OS commands.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Orkes
Published
2025-06-30
Last Modified
2026-02-24
References
https://medium.com/@mrcnry/cve-2025-26074-remote-code-execution-in-conductor-oss-via-inline-javascript-injection-5ce3cb651cfb
https://github.com/conductor-oss/conductor
https://github.com/conductor-oss/conductor/blob/main/core/src/main/java/com/netflix/conductor/core/events/ScriptEvaluator.java
https://access.redhat.com/security/cve/cve-2025-26074
Patch
https://github.com/conductor-oss/conductor/releases