漏洞描述
FF4J 中某接口存在任意类实例化漏洞。在存在特定依赖的情况下,攻击者可构造恶意请求造成远程代码执行。官方已于 https://github.com/ff4j/ff4j/pull/625 中修复该漏洞。
ff4j framework 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC e-cology-springframework-directory-traversal: 泛微OA e-cology springframework 目录遍历
- POC django-framework-exceptions: Django Framework Exceptions
- POC ruby-on-rails-framework-exceptions: Ruby on Rails Framework Exceptions
- POC spring-framework-exceptions: Spring Framework Exceptions
- POC phalcon-framework-source: Phalcon Framework - Source Code Leakage
- POC mobsf-framework-exposure: MobSF Framework - Exposure
- POC mida-eframework-xss: Mida eFramework - Cross-Site Scripting
- POC ecology-springframework-directory-traversal: Ecology Springframework - Local File Inclusion
- Symfony framework debug 存在任意文件读取漏洞
- POC HealthOne-医院后勤保障管理系统 frameworkModuleJob.processApkUpload.upload 任意文件上传漏洞
- Google Android Media framework远程代码执行漏洞(CNVD-2018-12613)
- 泛微OA_org.springframework.web.servlet.ResourceServlet敏感信息泄露
- 泛微Ecology OA org.springframework.web.servlet.ResourceServlet目录穿越漏洞