oinone/oinone-pamirs

GitHub

github.com

oinone.ai

Releases0

Stars2.54K

Oinone is an AI‑Powered low‑code framework that unifies AI and developers around a shared metadata model to build maintainable, evolvable, high‑quality enterprise intelligent applications.[AI Coding][Vibe Coding][Framework][Low Code]

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-39052 ↗	May 15, 2026Friday, 15 May 2026, 15:16	6.5 MEDIUM	—
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions.
CVE-2026-39053 ↗	May 15, 2026Friday, 15 May 2026, 15:16	6.5 MEDIUM	—
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML(...) or ViewXmlUtils.fromXML(...), unsafe XML processing can lead to file disclosure or SSRF.
CVE-2026-39054 ↗	May 15, 2026Friday, 15 May 2026, 15:16	7.3 HIGH	—
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.