CVE-2024-12652 Information

Description

A Improper Control of Generation of Code (‘Code Injection’) vulnerability in groovy script function in SmartRobot’s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.

Reference

https://zuso.ai/advisory/za-2024-13