Remote Command Execution in Knowage Community Edition (<= 8.1.37) #952

@Amlreux

Hello Knowage Team,

I would like to report a security vulnerability I discovered in Knowage Community Edition (<= 8.1.37).
The issue could potentially lead to Remote Command Execution (RCE) under certain conditions.

For responsible disclosure reasons, I will not share the technical details or PoC here publicly.
Could you please provide a proper security contact (email address or private channel) so that I can send you the full report?

Summary

  • Product: Knowage Community Edition
  • Version: <= 8.1.37
  • Vulnerability type: Command Injection → possible Arbitrary Command Execution
  • Impact: Remote attacker may execute arbitrary system commands

I am following responsible disclosure practices and would like to coordinate with the Knowage team before publishing any technical details.

Thank you
