Update Thu Feb 8 20:22:27 UTC 2024

trickest · Feb 8, 2024 · b770fed · b770fed
1 parent 6aa7bcc
commit b770fed
Show file tree

Hide file tree

Showing 103 changed files with 1,077 additions and 28 deletions.
diff --git a/2004/CVE-2004-2687.md b/2004/CVE-2004-2687.md
@@ -21,6 +21,7 @@ No PoCs from references.
 - https://github.com/Kr1tz3x3/HTB-Writeups
 - https://github.com/SecGen/SecGen
 - https://github.com/angelpimentell/distcc_cve_2004-2687_exploit
+- https://github.com/c0d3cr4f73r/distccd_rce_CVE-2004-2687
 - https://github.com/crypticdante/distccd_rce_CVE-2004-2687
 - https://github.com/giusepperuggiero96/Network-Security-2021
 - https://github.com/gregtampa/HBCTF-Battlegrounds

diff --git a/2007/CVE-2007-2447.md b/2007/CVE-2007-2447.md
@@ -51,6 +51,7 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote
 - https://github.com/amriunix/CVE-2007-2447
 - https://github.com/b1fair/smb_usermap
 - https://github.com/bdunlap9/CVE-2007-2447_python
+- https://github.com/c0d3cr4f73r/CVE-2007-2447
 - https://github.com/cherrera0001/CVE-2007-2447
 - https://github.com/crypticdante/CVE-2007-2447
 - https://github.com/gwyomarch/Lame-HTB-Writeup-FR

diff --git a/2008/CVE-2008-4250.md b/2008/CVE-2008-4250.md
@@ -33,6 +33,7 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP
 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/Y2FuZXBh/exploits
+- https://github.com/c0d3cr4f73r/MS08-067
 - https://github.com/crypticdante/MS08-067
 - https://github.com/dtomic-ftnt/solution-pack-ips-alert-triage
 - https://github.com/fei9747/WindowsElevation

diff --git a/2009/CVE-2009-2265.md b/2009/CVE-2009-2265.md
@@ -25,6 +25,7 @@ Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow r
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/H3xL00m/CVE-2009-2265
+- https://github.com/c0d3cr4f73r/CVE-2009-2265
 - https://github.com/crypticdante/CVE-2009-2265
 - https://github.com/k4u5h41/CVE-2009-2265
 - https://github.com/macosta-42/Exploit-Development

diff --git a/2011/CVE-2011-1249.md b/2011/CVE-2011-1249.md
@@ -21,6 +21,7 @@ The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and S
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/H3xL00m/CVE-2011-1249
 - https://github.com/Madusanka99/OHTS
+- https://github.com/c0d3cr4f73r/CVE-2011-1249
 - https://github.com/crypticdante/CVE-2011-1249
 - https://github.com/fei9747/WindowsElevation
 - https://github.com/k4u5h41/CVE-2011-1249

diff --git a/2014/CVE-2014-0160.md b/2014/CVE-2014-0160.md
@@ -243,6 +243,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/bwmelon97/SE_HW_2
 - https://github.com/bysart/devops-netology
 - https://github.com/c0D3M/crypto
+- https://github.com/c0d3cr4f73r/CVE-2014-0160_Heartbleed
 - https://github.com/caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC
 - https://github.com/carpedm20/awesome-hacking
 - https://github.com/caseres1222/libfuzzer-workshop

diff --git a/2014/CVE-2014-6271.md b/2014/CVE-2014-6271.md
@@ -201,6 +201,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/Ra7mo0on/PayloadsAllTheThings
 - https://github.com/RainMak3r/Rainstorm
 - https://github.com/Ratlesv/Shock
+- https://github.com/RepTambe/TryHackMeSOCPath
 - https://github.com/RickDeveloperr/lista-de-Ferramentas-hacker
 - https://github.com/Riyasachan/Shockpot
 - https://github.com/RuanMuller/bro-shellshock

diff --git a/2021/CVE-2021-29369.md b/2021/CVE-2021-29369.md
@@ -0,0 +1,17 @@
+### [CVE-2021-29369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29369)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
+
+### POC
+
+#### Reference
+- https://www.npmjs.com/package/@rkesters/gnuplot
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-25022.md b/2022/CVE-2022-25022.md
@@ -10,7 +10,7 @@ A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to e
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://danpros.com
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2023/CVE-2023-2670.md b/2023/CVE-2023-2670.md
@@ -11,6 +11,7 @@ A vulnerability was found in SourceCodester Lost and Found Information System 1.
 
 #### Reference
 - https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md
+- https://vuldb.com/?id.228886
 
 #### Github
 - https://github.com/tht1997/tht1997

diff --git a/2023/CVE-2023-34205.md b/2023/CVE-2023-34205.md
@@ -0,0 +1,17 @@
+### [CVE-2023-34205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34205)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW).
+
+### POC
+
+#### Reference
+- https://github.com/moov-io/signedxml/issues/23
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-34616.md b/2023/CVE-2023-34616.md
@@ -0,0 +1,17 @@
+### [CVE-2023-34616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34616)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
+
+### POC
+
+#### Reference
+- https://github.com/InductiveComputerScience/pbJson/issues/2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-34735.md b/2023/CVE-2023-34735.md
@@ -0,0 +1,17 @@
+### [CVE-2023-34735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34735)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.
+
+### POC
+
+#### Reference
+- https://github.com/prismbreak/vulnerabilities/issues/4
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-34916.md b/2023/CVE-2023-34916.md
@@ -0,0 +1,17 @@
+### [CVE-2023-34916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34916)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.
+
+### POC
+
+#### Reference
+- https://github.com/fuge/cms/issues/4
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39010.md b/2023/CVE-2023-39010.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39010)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.
+
+### POC
+
+#### Reference
+- https://github.com/lessthanoptimal/BoofCV/issues/406
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39017.md b/2023/CVE-2023-39017.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39017)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
+
+### POC
+
+#### Reference
+- https://github.com/quartz-scheduler/quartz/issues/943
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39073.md b/2023/CVE-2023-39073.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39073)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request.
+
+### POC
+
+#### Reference
+- https://gist.github.com/ph4nt0mbyt3/9456312e867c10de8f808250ec0b12d3
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39108.md b/2023/CVE-2023-39108.md
@@ -10,7 +10,7 @@ rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) vi
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_b.md
 
 #### Github
 - https://github.com/zer0yu/CVE_Request

diff --git a/2023/CVE-2023-39113.md b/2023/CVE-2023-39113.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39113)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.
+
+### POC
+
+#### Reference
+- https://github.com/miniupnp/ngiflib/issues/27
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39115.md b/2023/CVE-2023-39115.md
@@ -11,6 +11,7 @@ install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Scrip
 
 #### Reference
 - http://packetstormsecurity.com/files/173950/Campcodes-Online-Matrimonial-Website-System-3.3-Cross-Site-Scripting.html
+- https://github.com/Raj789-sec/CVE-2023-39115
 - https://www.exploit-db.com/exploits/51656
 
 #### Github

diff --git a/2023/CVE-2023-39121.md b/2023/CVE-2023-39121.md
@@ -10,6 +10,7 @@ emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the com
 ### POC
 
 #### Reference
+- https://github.com/safe-b/CVE/issues/1
 - https://github.com/safe-b/CVE/issues/1#issue-1817133689
 
 #### Github

diff --git a/2023/CVE-2023-39325.md b/2023/CVE-2023-39325.md
@@ -12,7 +12,7 @@ A malicious HTTP/2 client which rapidly creates requests and immediately resets
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://go.dev/issue/63417
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

diff --git a/2023/CVE-2023-39350.md b/2023/CVE-2023-39350.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39350)
+![](https://img.shields.io/static/v1?label=Product&message=FreeRDP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.11.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-191%3A%20Integer%20Underflow%20(Wrap%20or%20Wraparound)&color=brighgreen)
+
+### Description
+
+FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39351.md b/2023/CVE-2023-39351.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39351)
+![](https://img.shields.io/static/v1?label=Product&message=FreeRDP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.11.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling.  Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39357.md b/2023/CVE-2023-39357.md
@@ -0,0 +1,18 @@
+### [CVE-2023-39357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357)
+![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.25%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39360.md b/2023/CVE-2023-39360.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360)
+![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.25%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.
+
+### POC
+
+#### Reference
+- https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39366.md b/2023/CVE-2023-39366.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39366)
+![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.25%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.
+
+### POC
+
+#### Reference
+- https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-39511.md b/2023/CVE-2023-39511.md
@@ -0,0 +1,17 @@
+### [CVE-2023-39511](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39511)
+![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.25%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges of viewing the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when the a graph with the maliciously altered device name is linked to the report. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually filter HTML output.
+
+### POC
+
+#### Reference
+- https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42
+
+#### Github
+No PoCs found on GitHub currently.
+