Lamp Cloud
Server-side template injection (SSTI) in Dromara lamp-cloud versions 5.6.0 through 5.6.2 exposes the Message Template Handler to remote exploitation by authenticated low-privileged users, who can inject malicious Groovy expressions via the DefMsgTemplate.content parameter. The vulnerable function, GroovyClassLoader.parseClass, compiles and executes attacker-controlled input as Groovy code at runtime. A public proof-of-concept exploit has been disclosed on GitHub, and the vendor has not responded to the coordinated disclosure, leaving no official patch available at the time of analysis.
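As an added example (not lamp-cloud's own code), the mitigation a maintainer would apply: message template content is treated as data and rendered by literal placeholder substitution instead of being handed to GroovyClassLoader.parseClass, and a save-time check rejects content carrying Groovy or GString syntax. The `{{name}}` placeholder format, the class name and the sample template are assumptions.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MsgTemplateRenderer {

    // Unsafe pattern the advisory describes (shown only as a comment, not compiled here):
    //   new GroovyClassLoader().parseClass(defMsgTemplate.getContent());
    // Anyone permitted to save a template can then run arbitrary code in the service JVM.

    // Hardened form: only {{identifier}} placeholders are recognised (assumed format),
    // values are inserted literally, and nothing in the template is ever parsed or executed.
    private static final Pattern PLACEHOLDER =
            Pattern.compile("\\{\\{\\s*([A-Za-z_][A-Za-z0-9_]*)\\s*}}");

    static String renderSafely(String content, Map<String, String> vars) {
        Matcher m = PLACEHOLDER.matcher(content);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = vars.get(m.group(1));
            if (value == null) {
                // Unknown placeholders are an error rather than silently left in place
                throw new IllegalArgumentException("unknown placeholder: " + m.group(1));
            }
            // quoteReplacement keeps '$' and '\' in values from being interpreted by the regex engine
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    // Save-time validation: reject GString "${...}" and scriptlet "<%...%>" markers so any
    // legacy code path that still compiles templates cannot be reached with code-bearing input.
    static boolean containsCodeMarkers(String content) {
        return content.contains("${") || content.contains("<%");
    }

    public static void main(String[] args) {
        // Constructed sample input
        String template = "Hello {{ user }}, your order {{order_id}} has shipped.";
        System.out.println(renderSafely(template, Map.of("user", "alice", "order_id", "A-1001")));
        System.out.println(containsCodeMarkers("Hi ${user}"));
    }
}
```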