Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
All versions of the package com.bstek.uflo:uflo-core is vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.