| tiêu đề | didi super-jacoco 1.0 Command Injection |
|---|
| Mô tả | Super-Jacoco is a platform for collecting full and diff coverage of Java code, developed based on Jacoco and git. It enables the collection of code coverage data with low cost and no intrusion. It is an open-source platform on https://github.com/didi/super-jacoco.
When accessing the triggerEnvCov Interface with special request, unauthorized attackers can execute any command on the target system. Attacker can inject command in the parameter uuid. |
|---|
| Nguồn | ⚠️ https://github.com/didi/super-jacoco/issues/48 |
|---|
| Người dùng | gaogaostone (UID 53740) |
|---|
| Đệ trình | 21/10/2024 03:30 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 27/10/2024 10:11 (6 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 281986 [didi Super-Jacoco 1.0 /cov/triggerEnvCov uuid nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|