You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In symphony 3.6.3 and earlier, the use of an insecure log4j version resulted in a remote command execution risk. In the course of actual testing, a vulnerability trigger was found:
Vulnerability interface: "/activity/character/submit"
This can eventually cause an attacker to take over the server.
At present, there are still a large number of servers in the public network that have not been upgraded to 3.6.4.
The text was updated successfully, but these errors were encountered:
In symphony 3.6.3 and earlier, the use of an insecure log4j version resulted in a remote command execution risk. In the course of actual testing, a vulnerability trigger was found:
![b62f304d7843a47d9c9236beb71c448](https://private-user-images.githubusercontent.com/107806521/294063257-9e58e85b-2dad-41cc-a48e-ca30bcadb5ac.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE0MTQ4MDYsIm5iZiI6MTcyMTQxNDUwNiwicGF0aCI6Ii8xMDc4MDY1MjEvMjk0MDYzMjU3LTllNThlODViLTJkYWQtNDFjYy1hNDhlLWNhMzBiY2FkYjVhYy5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzE5JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcxOVQxODQxNDZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT03YjkyNTkwZTFhNjdiNjNjYzg4YTlkOWFjMzAwZTU0ZWJkOTNjMjFkYzA4ZjJjYTllNjZmOTc1NDQ3MmEyZWJiJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.RSKBqrMQ1ZDYhY5HpkeTgNdgU2pjAXYmuYNIh_1nvPQ)
![d4627af0ccf00c20f8e4f183cf0e1b3](https://private-user-images.githubusercontent.com/107806521/294063265-18fef494-79da-4304-8a3d-93b27c33988c.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE0MTQ4MDYsIm5iZiI6MTcyMTQxNDUwNiwicGF0aCI6Ii8xMDc4MDY1MjEvMjk0MDYzMjY1LTE4ZmVmNDk0LTc5ZGEtNDMwNC04YTNkLTkzYjI3YzMzOTg4Yy5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzE5JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcxOVQxODQxNDZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1iYmM0OTgwOGVhNGIzMTRmZjkxMTIzZGE5ZTQ3NjFjM2QwYzU3NjUzNTQ4MWVjYjBlZmVjODUzZGYzMGNhMWRkJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.N-FQrKh6IhTBEVbuSCsuXoZm-NjUx8dN9aolSZ3AsRc)
![565bf4fc77ba97767a4655d53552dd6](https://private-user-images.githubusercontent.com/107806521/294063281-affdedab-be6c-4b87-95f6-9bf1ef0f78aa.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE0MTQ4MDYsIm5iZiI6MTcyMTQxNDUwNiwicGF0aCI6Ii8xMDc4MDY1MjEvMjk0MDYzMjgxLWFmZmRlZGFiLWJlNmMtNGI4Ny05NWY2LTliZjFlZjBmNzhhYS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzE5JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcxOVQxODQxNDZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT04MDQxY2UzMWJjOGQ0YjQ0NzEzZmYyMTllZDk2MzRhZDZjODA4NjdiYzU3ZTllMWUwMzFkMWFkZTI3YzBlMjI4JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.Cyt4DQ1JysxIJ59ODkp3vQN9H2Jq1qUW5TrZ8PDBI_U)
![de8fd3138b80ba7d411a64300cd0a43](https://private-user-images.githubusercontent.com/107806521/294063324-9245b4d0-5756-4ae7-be2f-949671338634.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE0MTQ4MDYsIm5iZiI6MTcyMTQxNDUwNiwicGF0aCI6Ii8xMDc4MDY1MjEvMjk0MDYzMzI0LTkyNDViNGQwLTU3NTYtNGFlNy1iZTJmLTk0OTY3MTMzODYzNC5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzE5JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcxOVQxODQxNDZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0wNDRhZDNkZWJjMDk3ZjA2NWQyZWYzMTg4YTAwZDljZWRlM2Q3ZmY3ZDc1YWMzYTU4M2Q1ODY3MjY2NmFjZWQwJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.ZKN8GSso-CMp9iBaR0AJ44zZrETWibMSju1pYwPLyMc)
![ea10bf5cf42afcfb88320bbcd0cff1c](https://private-user-images.githubusercontent.com/107806521/294063588-b3b312af-8fb8-44c9-9e64-391fa799601e.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE0MTQ4MDYsIm5iZiI6MTcyMTQxNDUwNiwicGF0aCI6Ii8xMDc4MDY1MjEvMjk0MDYzNTg4LWIzYjMxMmFmLThmYjgtNDRjOS05ZTY0LTM5MWZhNzk5NjAxZS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzE5JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcxOVQxODQxNDZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT01YTU1ZTA4OWE0OGExZmZiYmI4NjkzNzZjMGM1MTNkMTliNmUwNzMwNGYwMjg1NDQxNWNlZGJkZDU0NGU5NzExJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.V1MoYj6wEXtYkZknCuDx_97Zlmfj7IIqouwjFtV3yKM)
Vulnerability interface: "/activity/character/submit"
This can eventually cause an attacker to take over the server.
At present, there are still a large number of servers in the public network that have not been upgraded to 3.6.4.
The text was updated successfully, but these errors were encountered: