Hi, we are using SmartClient Power Edition v14.1 with nightly build 2025-11-21.
We scanned our application for security vulnerabilities using Veracode, and it's showing a couple of vulnerabilities. For example, in com/isomorphic/scripting/ScriptGroovy.java in isomorphic_core_rpc.jar
the security scanner identified an issue: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Attack Vector: javax.script.ScriptEngine.eval
Number of Modules Affected: 1
Description: This call to javax.script.ScriptEngine.eval() contains untrusted input. If this input could be modified by an attacker, arbitrary code could be executed. The first argument to eval() contains tainted data from the variable evalScript. The tainted data originated from earlier calls to AnnotationVirtualController.vc_annotation_entry, AnnotationVirtualController.vc_taintobj, and java.net.URLConnection.getInputStream.
We have also attached a couple more places in the screenshot.
Can you please help us with this? What should be the remedy for this?
Thanks,
Mohideen
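
For readers triaging the same finding, the general pattern the scanner description refers to is shown below as an added example; it is not code from the post, from SmartClient or from Veracode, and it says nothing about what ScriptGroovy.java itself does. The class, method and variable names are hypothetical, the input is constructed, and a Groovy JSR-223 engine is assumed to be on the classpath.

```java
import java.util.Map;
import javax.script.Bindings;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

public class EvalTaintDemo {

    // Fixed, developer-authored scripts (hypothetical). Callers choose one by key only.
    private static final Map<String, String> APPROVED = Map.of(
            "upper", "return userValue.toUpperCase()",
            "length", "return userValue.length()");

    // Flagged pattern: untrusted text becomes part of the script source,
    // so whatever it contains is compiled and executed as code.
    static Object evalConcatenated(ScriptEngine engine, String untrusted) throws ScriptException {
        String evalScript = "return " + untrusted;
        return engine.eval(evalScript);
    }

    // Hardened pattern: the script source comes from the allowlist, never from the
    // caller, and the untrusted text reaches the engine only as a bound variable.
    static Object evalApproved(ScriptEngine engine, String scriptKey, String untrusted)
            throws ScriptException {
        String script = APPROVED.get(scriptKey);
        if (script == null) {
            throw new IllegalArgumentException("script not on allowlist: " + scriptKey);
        }
        Bindings bindings = engine.createBindings();
        bindings.put("userValue", untrusted);
        return engine.eval(script, bindings);
    }

    public static void main(String[] args) throws ScriptException {
        // Assumption: a Groovy JSR-223 engine is available under the name "groovy".
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("groovy");
        if (engine == null) {
            System.err.println("No Groovy JSR-223 engine on the classpath");
            return;
        }
        String input = "6 * 7"; // constructed sample input, harmless on purpose
        // Concatenated: the input is evaluated as an expression.
        System.out.println("concatenated: " + evalConcatenated(engine, input));
        // Approved + bound: the input is handled as a plain string value.
        System.out.println("approved:     " + evalApproved(engine, "length", input));
    }
}
```

When reviewing a flagged eval() call, the question to answer is which of these two shapes the data flow has: whether the tainted value can alter the script text, or whether it is only data handed to a fixed script.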