Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.
No PoCs from references.
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Agilevatester/SpringSecurity
- https://github.com/Agilevatester/SpringSecurityV1
- https://github.com/Ljw1114/SpringFramework-Vul
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
- https://github.com/Vulnmachines/CVE-2021-22053
- https://github.com/WhooAmii/POC_to_review
- https://github.com/ax1sX/SpringSecurity
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities
- https://github.com/nBp1Ng/SpringFramework-Vul
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve