minor update

2024-06-03 00:16:00 +05:30 · 2024-06-03 00:16:00 +05:30 · 1aa0726ef9
parent 73693100d6
commit 1aa0726ef9
1 changed files with 14 additions and 4 deletions
--- a/http/cves/2024/CVE-2024-27348.yaml
+++ b/http/cves/2024/CVE-2024-27348.yaml
@ -7,11 +7,11 @@ info:
  description: |
    Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component.
  reference:
-    - https://example.com/gremlin-vulnerability-details
    - http://www.openwall.com/lists/oss-security/2024/04/22/3
    - https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
    - https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
-    - https://github.com/fkie-cad/nvd-json-data-feeds
+    - https://github.com/Zeyad-Azima/CVE-2024-27348
+    - https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-27348
  classification:
    epss-score: 0.00045
    epss-percentile: 0.15047
@ -34,6 +34,16 @@ http:
    matchers-condition: and
    matchers:
      - type: word
-        part: interactsh_protocol # Confirms the HTTP Interaction
+        part: interactsh_protocol # Confirms the DNS Interaction
        words:
-          - "dns"
+          - 'dns'
+
+      - type: word
+        part: body
+        words:
+          - '"inputStream":'
+
+      - type: word
+        part: header
+        words:
+          - 'application/json'