GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Untitled attachment

Download link

https://cyberplace.social/system/media_attachments/files/111/772/200/228/638/835/original/a170df948790e69c.png

Notices where this attachment appears

  1. Embed this notice
    Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 18-Jan-2024 01:23:28 JST Kevin Beaumont Kevin Beaumont
    in reply to

    We have the first vendor product actually vulnerable to that Apache Struts vuln from December 2023 - CVE-2023-50164.

    Product: Trackplus Allegra
    Tailored POC: https://srcincite.io/pocs/src-2024-0001.py.txt
    Advisory: https://srcincite.io/advisories/src-2024-0001/

    Complete with ../.. directory traversal too.

    Disclosure Timeline:

    2023-11-08 – Vulnerability reported to security@struts.apache.org

    2023-12-21 – Silently patched by the vendor

    In conversation about a year ago from cyberplace.social permalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.