CVE-2024-12652

9.3

Critical

Published:26 Dec 2024

Last updated:17 Jun 2026

Source:ART@zuso.ai

Analyzed

Weakness (CWE)

CWE-94Code Injection

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: High
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): Low
Integrity (Subsequent): Low
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.

References

ART@zuso.ai

https://zuso.ai/advisory/za-2024-13