mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-28 11:21:40 +02:00
0xMarcio
41 lines
2.1 KiB
Markdown
41 lines
2.1 KiB
Markdown
### [CVE-2021-22053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22053)
|
|
|
|
|
|
&color=brightgreen)
|
|
|
|
### Description
|
|
|
|
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.
|
|
|
|
### POC
|
|
|
|
#### Reference
|
|
No PoCs from references.
|
|
|
|
#### Github
|
|
- https://github.com/20142995/nuclei-templates
|
|
- https://github.com/20142995/sectool
|
|
- https://github.com/ARPSyndicate/cve-scores
|
|
- https://github.com/ARPSyndicate/cvemon
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
|
- https://github.com/Agilevatester/SpringSecurity
|
|
- https://github.com/Agilevatester/SpringSecurityV1
|
|
- https://github.com/Ljw1114/SpringFramework-Vul
|
|
- https://github.com/NaInSec/CVE-PoC-in-GitHub
|
|
- https://github.com/SYRTI/POC_to_review
|
|
- https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
|
|
- https://github.com/Vulnmachines/CVE-2021-22053
|
|
- https://github.com/WhooAmii/POC_to_review
|
|
- https://github.com/ax1sX/SpringSecurity
|
|
- https://github.com/k0mi-tg/CVE-POC
|
|
- https://github.com/manas3c/CVE-POC
|
|
- https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities
|
|
- https://github.com/nBp1Ng/SpringFramework-Vul
|
|
- https://github.com/nomi-sec/PoC-in-GitHub
|
|
- https://github.com/soosmile/POC
|
|
- https://github.com/trhacknon/Pocingit
|
|
- https://github.com/whoforget/CVE-POC
|
|
- https://github.com/youwizard/CVE-POC
|
|
- https://github.com/zecool/cve
|
|
|