Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/111574234771729123">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 18-Jan-2024 01:23:01 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/111574229161610139" rel="in-reply-to">in reply to</a></div></section><article><p>I'm not aware of any vendor product yet that allows anonymous users to upload files, and process the files insecurely.  There probably is one somewhere, and I imagine exploitation will land on that specific vendor.</p><p>Greynoise blog is good btw. <a href="https://www.labs.greynoise.io/grimoire/2023-12-12-apache-struts-cve-2023-50164/" rel="nofollow noreferrer">https://www.labs.greynoise.io/grimoire/2023-12-12-apache-struts-cve-2023-50164/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2601140#notice-5151852">In conversation</a><time datetime="2024-01-18T01:23:01+09:00" title="Thursday, 18-Jan-2024 01:23:01 JST">about a year ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/111574234771729123" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/111574234771729123">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.labs.greynoise.io</div><h5><a href="https://www.labs.greynoise.io/grimoire/2023-12-12-apache-struts-cve-2023-50164/">GreyNoise Labs - Talk-A-Blog: Apache Struts2 CVE-2023-50164, File Upload Vulnerability Analysis</a></h5><div> from <span>Remy</span></div></header><div>A new vulnerability in Apache Struts has emerged! Follow us as we take a new twist on reviewing a vulnerability writeup.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 18-Jan-2024 01:23:01 JST Kevin Beaumont
in reply to
I'm not aware of any vendor product yet that allows anonymous users to upload files, and process the files insecurely. There probably is one somewhere, and I imagine exploitation will land on that specific vendor.
Greynoise blog is good btw. https://www.labs.greynoise.io/grimoire/2023-12-12-apache-struts-cve-2023-50164/
In conversationabout a year ago from cyberplace.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.labs.greynoise.io
  GreyNoise Labs - Talk-A-Blog: Apache Struts2 CVE-2023-50164, File Upload Vulnerability Analysis
  from Remy
  A new vulnerability in Apache Struts has emerged! Follow us as we take a new twist on reviewing a vulnerability writeup.

Public

Embed Notice

HTML Code

Corresponding Notice