Product
The OpenRemote IoT platform is vulnerable to expression injection, allowing remote code execution due to an unsandboxed Nashorn JavaScript engine and an inactive Groovy sandbox, leading to full server compromise.