关于我
漏洞研究 / 代码审计 / 漏洞挖掘
Github: https://github.com/yyhylh
一些漏洞挖掘成果:
| 组件 | 编号 | 漏洞 |
|---|---|---|
| Cling | CVE-2020-23622 | SSRF |
| Apache OFBiz | CVE-2021-29200 | RCE |
| Apache Dubbo | CVE-2021-36162 | RCE |
| XStream | CVE-2021-39139 | RCE |
| XStream | CVE-2021-39149 | RCE |
| XStream | CVE-2021-39150 | SSRF |
| XStream | CVE-2021-39140 | DOS |
| Weblogic | CVE-2021-35620 | DOS |
| Apache Solr | CVE-2021-44548 | 信息泄露 |
| 若依CMS | CNVD-2021-32469 | RCE |
| Apache Dubbo | CNVD-2021-49587 | RCE |
| Apache ShenYu | CVE-2022-26650 | DOS |
| Gitblit | CVE-2022-31267 | 越权 |
| Metersphere | CNVD-2022-21839 | XXE |
| Metersphere | CNVD-2022-25897 | 信息泄露 |
| Metersphere | CNVD-2022-37752 | 文件删除 |
| Apache ShardingSphere | CNVD-2022-38428 | RCE |
| Apache Linkis | CVE-2023-27602 | 文件上传 |
| Apache Linkis | CVE-2023-27987 | 认证绕过 |
| Weblogic | CVE-2023-21931 | RCE |
| Weblogic | CVE-2023-21979 | RCE |