| 제목 | didi super-jacoco 1.0 Command Injection |
|---|
| 설명 | Super-Jacoco is a platform for collecting full and diff coverage of Java code, developed based on Jacoco and git. When accessing the triggerUnitCover Interface with special request, unauthorized attackers can execute any command on the target system. Attacker can inject command in the parameter uuid. |
|---|
| 원천 | ⚠️ https://github.com/didi/super-jacoco/issues/49 |
|---|
| 사용자 | gaogaostone (UID 53740) |
|---|
| 제출 | 2024. 10. 28. AM 07:45 (1 년도 ago) |
|---|
| 모더레이션 | 2024. 11. 06. AM 11:05 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 283315 [didi Super-Jacoco 1.0 /cov/triggerUnitCover uuid 권한 상승] |
|---|
| 포인트들 | 17 |
|---|