The vulnerability in Oinone Pamirs 7.0.0 involves the ScriptRunner.run(String expression, String type, Map<String, Object> context) method, which executes script expressions provided by users through an underlying script engine. Due to the absence of sandboxing or allowlist restrictions, an attacker can supply crafted script expressions that lead to arbitrary code execution within the context of the application. This vulnerability is classified as a code execution flaw but lacks detailed CVSS scoring or vendor remediation guidance at this time.

Successful exploitation allows an attacker to execute arbitrary code on the affected system via the ScriptRunner component. This can lead to full compromise of the application environment depending on the privileges of the executing process. No known exploits have been reported, and the extent of impact depends on deployment context and usage of the ScriptRunner functionality.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the ScriptRunner functionality and avoid processing untrusted script expressions. Monitor vendor channels for updates regarding patches or mitigations.