High severity8.8NVD Advisory· Published Apr 26, 2022· Updated Jun 17, 2026
CVE-2022-24881
CVE-2022-24881
Description
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.hccake:ballcat-codegenMaven | < 1.0.0.beta.2 | 1.0.0.beta.2 |
Affected products
2- Range: < 1.0.0.beta.2
Patches
Vulnerability mechanics
References
5- github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463bnvdPatchThird Party AdvisoryWEB
- github.com/ballcat-projects/ballcat-codegen/issues/5nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/ballcat-projects/ballcat-codegen/security/advisories/GHSA-fv3m-xhqw-9m79nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-fv3m-xhqw-9m79ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-24881ghsaADVISORY
News mentions
0No linked articles in our index yet.