mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-25 04:24:05 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2020-7931
Description
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.
POC
Reference
No PoCs from references.
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/anquanscan/sec-tools
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/gquere/CVE-2020-7931
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/xbl2022/awesome-hacking-lists