Total number of CVE-2022-related repositories: 338
Description: Intentionally vulnerable Spring app to test CVE-2022-22965
Link: https://github.com/fracturelabs/spring4shell_victim
——————
Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Link: https://github.com/LudovicPatho/CVE-2022-22965_Spring4Shell
——————
Description: Hacked up Dirty Pipe (CVE-2022-0847) PoC that hijacks a SUID binary to spawn a root shell. (and attempts to restore the damaged binary as well)
Link: https://github.com/LudovicPatho/CVE-2022-0847_dirty-pipe
——————
Description: RCE vulnerability in Spring Framework via Data Binding on JDK 9+
Link: https://github.com/GuayoyoCyber/CVE-2022-22965
——————
Description: RHSB-2022-002 Dirty Pipe - kernel arbitrary file manipulation - (CVE-2022-0847)
Link: https://github.com/mhanief/dirtypipe
——————
Description: The demo code showing the recent Spring4Shell RCE (CVE-2022-22965)
Link: https://github.com/datawiza-inc/spring-rec-demo
——————
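Description: Spring-Cloud-Spel-RCE
Link: https://github.com/Ha0Liu/CVE-2022-22947

Disclaimer: Any direct or indirect consequences and losses caused by spreading or using the information provided by this public account are the sole responsibility of the user. The public account and its author accept no responsibility for them; any consequences that arise are the user's own to bear. If anything here infringes your rights, please let us know and we will remove it immediately and apologize. If you repost, please credit the source. Thank you!

Originally published on the WeChat public account 李白你好: 2022-4-7 New CVE repositories have arrived!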