{"id":"CVE-2022-24881","summary":"Command Injection in Ballcat Codegen","details":"Ballcat Codegen provides online editing of code to generate templates. In versions prior to 1.0.0.beta.2, attackers can achieve remote code execution by injecting malicious code into the template engine. This happens because Velocity and FreeMarker templates were introduced without input validation. The fault is rectified in version 1.0.0.beta.2.","aliases":["GHSA-fv3m-xhqw-9m79"],"modified":"2026-04-11T22:01:30.135700Z","published":"2022-04-26T16:06:21Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24881.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-94"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24881.json"},{"type":"ADVISORY","url":"https://github.com/ballcat-projects/ballcat-codegen/security/advisories/GHSA-fv3m-xhqw-9m79"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24881"},{"type":"REPORT","url":"https://github.com/ballcat-projects/ballcat-codegen/issues/5"},{"type":"FIX","url":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ballcat-projects/ballcat-codegen","events":[{"introduced":"0"},{"fixed":"84a7cb38daf0295b93aba21d562ec627e4eb463b"}]},{"type":"GIT","repo":"https://github.com/ballcat-projects/ballcat-codegen","events":[{"introduced":"0"},{"fixed":"84a7cb38daf0295b93aba21d562ec627e4eb463b"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"malicious"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24881.json","vanir_signatures_modified":"2026-04-11T22:01:30Z","vanir_signatures":[{"source":"https://github.com/ballcat-projects/ballcat-co
degen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"length":174,"function_hash":"268359636321767829351246379969425549917"},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/FreemarkerTemplateEngine.java","function":"FreemarkerTemplateEngine"},"signature_version":"v1","signature_type":"Function","id":"CVE-2022-24881-2593fcc3"},{"source":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"line_hashes":["234134560984276621895320756507245577668","148963788686942874614114649115514049133","155035931149909092157521698132231718332","275010295560069994165358177397566320826","132994481990010870243098997219648431729","126107153992021623298783028478232518577","109926973399220610793859467313970196766","100653271508766988307467820012946001776","272883831588502879667328856230896099686","263864988524298918468037688674343029600","333892833021615669095579162575845625645","109939881253094988124819967400976343414"],"threshold":0.9},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/VelocityTemplateEngine.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2022-24881-396d4b96"},{"source":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"line_hashes":["98172510733928771810096167004201156684","305411929898620090666432381827330240868","176933965498945347436876851534949567706","310971221693553274530187644183859550591","316380899240359274385228718350499067246","98289848406721316335490937920370190157","14792397911355069099523891823646204635","164601396576909617741530110946270550760"],"threshold":0.9},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/TemplateEngineDelegator.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2022-24881-42023f9c"},{"source":"
https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"line_hashes":["174484822171544603087399424341332984527","162667292511953734973925541629434554851","290448580048774824116490443626424243373"],"threshold":0.9},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/TemplateEngine.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2022-24881-546b74c0"},{"source":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"length":277,"function_hash":"52435463313426765454469474319647260862"},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/VelocityTemplateEngine.java","function":"render"},"signature_version":"v1","signature_type":"Function","id":"CVE-2022-24881-94547922"},{"source":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"line_hashes":["69483613081468613543445426328303368864","36438614584385941210884747448770916925"],"threshold":0.9},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/exception/TemplateRenderException.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2022-24881-96da9328"},{"source":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"line_hashes":["250585262133210953946513329031772331752","134910733303387190549934447795714817665","293350138378466035793875910915592667967","208612590474977117809204822266374794946","145696273910342682621638822963288021670","240921542302408156658785013612915104255","37813876043140401255226098691104815311","139806870730316257518982475253816745107","66961059764731091957631846763854467393","95676919142726730369648424849541225512","200443117803618873210839762664992753240","2318
69917703128285901573361874340199178","168922864155893486876018712225355990423","172382416263638147303740064008417234877","140598070891762432854317952695315699339","38320078439899735705734000785416066966","158367180492702269996389707722189704620","27384034306656464614672575389444524949","185454599727129911382537950507323593486","330504917400955660344826409819760539396","55379758793521553371733829710874338817","60890997973801881132662729157743834766"],"threshold":0.9},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/service/impl/GeneratorServiceImpl.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2022-24881-b75e10dd"},{"source":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"line_hashes":["18981661583949258593576519141464446040","28705482360011945520074287175111811255","214904484643721471114561675075445010810","148487772419766328416056550131636430786","56486244197144233950112880473205819860","301049615636552986382034872450720506147"],"threshold":0.9},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/FreemarkerTemplateEngine.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2022-24881-bdd9a814"},{"source":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"length":276,"function_hash":"194634262403594128936070828075121641498"},"target":{"file":"ballcat-codegen-backend/src/main/java/com/hccake/ballcat/codegen/engine/TemplateEngineDelegator.java","function":"render"},"signature_version":"v1","signature_type":"Function","id":"CVE-2022-24881-e1f31768"},{"source":"https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b","deprecated":false,"digest":{"length":1020,"function_hash":"195558779172741709446231723077458695747"},"target":{"file":"ballcat-codegen-backend/src
/main/java/com/hccake/ballcat/codegen/service/impl/GeneratorServiceImpl.java","function":"generatorCode"},"signature_version":"v1","signature_type":"Function","id":"CVE-2022-24881-f1fe921d"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}