daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2021/CVE-2021-27850.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-17 12:25:59 -04:00
parent 9912cc6edb
commit 2b78e6883b
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2021/CVE-2021-27850.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2021-27850
info:
name: Apache Tapestry - Arbitrary class download
name: Apache Tapestry - Remote Code Execution
author: pdteam
severity: critical
description: |
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.
Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27850
classification:
@ -53,3 +53,5 @@ requests:
- 'webtools'
part: body
condition: and
# Enhanced by mp on 2022/05/17