This repository was archived by the owner on Dec 28, 2023. It is now read-only.
Deserialization Vulnerability by evil yaml config input (SnakeYAML)
Package
super-xray
(super-xray)
Affected versions
0.6-beta and below
Patched versions
0.7
Severity
Vendor
super-xray
Versions Affected
0.6-beta and below
Description
SnakeYAML RCE
ScreenShot:
PoC:
Fix:
Mitigation
users should upgrade to super-xray 0.7
Credit
This issue was discovered by super-xray development team