漏洞描述
Spring Data REST是一个构建在Spring Data之上,为了帮助开发者更加容易地开发REST风格的Web服务。在RESTAPI的Patch方法中(实现RFC6902),path的值被传入setValue,导致执行了SpEL表达式,触发远程命令执行漏洞。
Spring Data Rest 远程命令执行漏洞(CVE-2017-8046)
PoC代码
暂无相关漏洞推荐
-
CVE-2017-8046: Spring Data Rest RCE POC
2025-09-01 | Spring Data RestSpringDataREST是一个构建在SpringData之上,为了帮助开发者更加容易地开发REST风格的Web服务。在RESTAPI的Patch方法中(实现RFC6902),path的值被传入se... -
CVE-2017-8046: Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution POC
2025-08-01 | Spring Data RESTSpring Data REST < 2.6.9 and 3.0.1, Spring Boot < 1.5.9 and 2.0 M6 contain a remote code execu... -
CVE-2017-1000028: GlassFish LFI POC
2025-09-01 | GlassFishGlassFish是一款强健的商业兼容应用服务器,达到产品级质量,可免费用于开发、部署和重新分发。开发者可以免费获得源代码,还可以对代码进行更改。GlassFish漏洞成因:java语义中会把&quo... -
CVE-2017-1000486: Primetek Primefaces 5.x - Remote Code Execution POC
2025-09-01 | Primetek PrimefacesPrimetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution. -
CVE-2017-10271: WebLogic XMLDecoder 反序列化漏洞 CVE-2017-10271 POC
2025-09-01 | WebLogic XMLDecoderVulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WL...