ÿÖÜÉý¼¶Í¨¸æ-2022-08-03

Ðû²¼Ê±¼ä 2022-08-03

ÐÂÔöÊÂÎñ

 

ÊÂÎñÃû³Æ£º

HTTP_ÌáȨ¹¥»÷_Spring-Data-MongoDB_SpEL±í´ïʽעÈë_ÏÂÁîÖ´ÐÐ

Çå¾²ÀàÐÍ£º

Çå¾²Îó²î

ÊÂÎñÐÎò£º

SpringDataforMongoDBÊÇSpringDataÏîÄ¿µÄÒ»²¿·Ö£¬£¬£¬¸ÃÏîÄ¿Ö¼ÔÚΪеÄÊý¾Ý´æ´¢ÌṩÊìϤºÍÒ»ÖµĻùÓÚSpringµÄ±à³ÌÄ£×Ó£¬£¬£¬Í¬Ê±±£´æ´æ´¢µÄÌض¨ÌØÕ÷ºÍ¹¦Ð§¡£¡£¡£¡£¡£6ÔÂ20ÈÕ£¬£¬£¬VMwareÐû²¼Ç徲ͨ¸æ£¬£¬£¬ÐÞ¸´ÁËSpringDataMongoDBÖеÄÒ»¸öSpEL±í´ïʽעÈëÎó²î£¨CVE-2022-22980£©£¬£¬£¬¸ÃÎó²îµÄCVSSv3ÆÀ·ÖΪ8.2¡£¡£¡£¡£¡£SpringDataMongoDBÓ¦ÓóÌÐòÔÚ¶Ô°üÀ¨ÅÌÎʲÎÊýռλ·ûµÄSpEL±í´ïʽʹÓÃ@Query»ò@Aggregation×¢½âµÄÅÌÎÊÒªÁì¾ÙÐÐÖµ°ó׼ʱ£¬£¬£¬ÈôÊÇÊäÈëδ±»¹ýÂË£¬£¬£¬ÔòÈÝÒ×Êܵ½SpEL×¢Èë¹¥»÷¡£¡£¡£¡£¡£

¸üÐÂʱ¼ä£º

20220803

 

ÊÂÎñÃû³Æ£º

HTTP_Îļþ²Ù×÷¹¥»÷_Ææ°²ÐÅÌìÇæ_ÎļþÉÏ´«

Çå¾²ÀàÐÍ£º

Çå¾²Îó²î

ÊÂÎñÐÎò£º

Ææ°²ÐÅÌìÇæÖÕ¶ËÇå¾²ÖÎÀíϵͳÊÇÆæ°²ÐŵÄÐÂÒ»´úÖÕ¶ËÇå¾²·ÀÓùϵͳ¡£¡£¡£¡£¡£ÆäÖб£´æÎļþÉÏ´«Îó²î£¬£¬£¬¹¥»÷Õß¿ÉÒÔÉÏ´«¶ñÒâÎļþÖÁÖ¸¶¨Ä¿Â¼£¬£¬£¬»ñÈ¡Ä¿µÄϵͳȨÏÞ¡£¡£¡£¡£¡£

¸üÐÂʱ¼ä£º

20220803

 

ÊÂÎñÃû³Æ£º

HTTP_Îļþ²Ù×÷¹¥»÷_·ºÎ¢OA-Ecology-template-import_ÎļþÉÏ´«

Çå¾²ÀàÐÍ£º

Çå¾²Îó²î

ÊÂÎñÐÎò£º

·ºÎ¢ÊÇÓÉ·ºÎ¢ÍøÂ翪·¢µÄOAϵͳ¡£¡£¡£¡£¡£ÆäÖÐ/api/mobilemode/admin/template/import½Ó¿Ú±£´æÎó²î£¬£¬£¬¹¥»÷Õß¿ÉʹÓøÃÎó²îÉÏ´«¶ñÒâѹËõÎļþ£¬£¬£¬Ö²Èëwebshell£¬£¬£¬»ñÈ¡Ä¿µÄϵͳȨÏÞ¡£¡£¡£¡£¡£

¸üÐÂʱ¼ä£º

20220803

 

ÊÂÎñÃû³Æ£º

HTTP_Îļþ²Ù×÷¹¥»÷_·ºÎ¢OA-Ecology_app-import_ÎļþÉÏ´«

Çå¾²ÀàÐÍ£º

Çå¾²Îó²î

ÊÂÎñÐÎò£º

·ºÎ¢ÊÇÓÉ·ºÎ¢ÍøÂ翪·¢µÄOAϵͳ¡£¡£¡£¡£¡£ÆäÖÐ/api/mobilemode/admin/app/import½Ó¿Ú±£´æí§ÒâÎļþÉÏ´«Îó²î£¬£¬£¬¹¥»÷Õß¿ÉʹÓøÃÎó²îÉÏ´«¶ñÒâѹËõÎļþ£¬£¬£¬Ö²Èëwebshell£¬£¬£¬»ñÈ¡Ä¿µÄϵͳȨÏÞ¡£¡£¡£¡£¡£

¸üÐÂʱ¼ä£º

20220803

 

ÊÂÎñÃû³Æ£º

HTTP_Îļþ²Ù×÷¹¥»÷_·ºÎ¢OA-Ecology-skin-import_ÎļþÉÏ´«

Çå¾²ÀàÐÍ£º

Çå¾²Îó²î

ÊÂÎñÐÎò£º

·ºÎ¢ÊÇÓÉ·ºÎ¢ÍøÂ翪·¢µÄOAϵͳ¡£¡£¡£¡£¡£ÆäÖÐ/api/mobilemode/admin/template/import½Ó¿Ú±£´æÎó²î£¬£¬£¬¹¥»÷Õß¿ÉʹÓøÃÎó²îÉÏ´«¶ñÒâѹËõÎļþ£¬£¬£¬Ö²Èëwebshell£¬£¬£¬»ñÈ¡Ä¿µÄϵͳȨÏÞ¡£¡£¡£¡£¡£

¸üÐÂʱ¼ä£º

20220803

 

ÊÂÎñÃû³Æ£º

TCP_ÌáȨ¹¥»÷_Apache-Commons-Configuration_´úÂëÖ´ÐÐ[CVE-2022-33980][CNNVD-202207-428]

Çå¾²ÀàÐÍ£º

Çå¾²Îó²î

ÊÂÎñÐÎò£º

ApacheCommonsConfigurationÊÇÓÃÓÚÖÎÀíÉèÖÃÎļþµÄ×é¼þ£¬£¬£¬ÔÚ2.8ÒÔÇ°µÄ²¿·Ö°æ±¾ÖÐÖ§³ÖÁ˶àÖÖ±äÁ¿È¡Öµ·½·¨£¬£¬£¬°üÀ¨javax.script¡¢dnsºÍurl£¬£¬£¬µ¼Ö¿ÉÒÔÖ´ÐÐí§Òâ´úÂë»ò¾ÙÐÐÍøÂç»á¼û¡£¡£¡£¡£¡£

¸üÐÂʱ¼ä£º

20220803

 

ÐÞ¸ÄÊÂÎñ

 

ÊÂÎñÃû³Æ£º

HTTP_ÌáȨ¹¥»÷_Apache_Shiro_v1.7.1ÒÔÏÂ_·ÇÊÚȨ»á¼û[CVE-2020-17523][CNNVD-202102-238]

Çå¾²ÀàÐÍ£º

Çå¾²Îó²î

ÊÂÎñÐÎò£º

ApacheShiroÊÇÒ»¸öÇ¿Ê¢ÇÒÒ×ÓõÄJavaÇå¾²¿ò¼Ü£¬£¬£¬Ëü¿ÉÒÔÓÃÀ´Ö´ÐÐÉí·ÝÑéÖ¤¡¢ÊÚȨ¡¢ÃÜÂëºÍ»á»°ÖÎÀí¡£¡£¡£¡£¡£ÏÖÔÚ³£¼û¼¯³ÉÓÚÖÖÖÖÓ¦ÓÃÖоÙÐÐÉí·ÝÑéÖ¤£¬£¬£¬ÊÚȨµÈ¡£¡£¡£¡£¡£¹ØÓÚApacheShiro1.7.1֮ǰµÄ°æ±¾£¬£¬£¬µ±½«ApacheShiroÓëSpring¿ØÖÆÆ÷Ò»ÆðʹÓÃʱ£¬£¬£¬¹¥»÷ÕßÌØÖÆÇëÇó¿ÉÄܻᵼÖÂÉí·ÝÑéÖ¤Èƹý¡£¡£¡£¡£¡£

¸üÐÂʱ¼ä£º

20220803


 

ÊÂÎñÃû³Æ£º

HTTP_ÌáȨ¹¥»÷_Elasticsearch_δÊÚȨ»á¼û

Çå¾²ÀàÐÍ£º

Çå¾²Îó²î

ÊÂÎñÐÎò£º

ElasticSearchÊÇÒ»¸ö»ùÓÚLuceneµÄËÑË÷ЧÀÍÆ÷¡£¡£¡£¡£¡£ËüÌṩÁËÒ»¸öÂþÑÜʽ¶àÓû§ÄÜÁ¦µÄÈ«ÎÄËÑË÷ÒýÇ棬£¬£¬»ùÓÚRESTfulweb½Ó¿Ú¡£¡£¡£¡£¡£Elasticsearch¿ÉÄܱ£´æδÊÚȨ»á¼ûÎó²î¡£¡£¡£¡£¡£¸ÃÎó²îµ¼Ö£¬£¬£¬¹¥»÷Õß¿ÉÒÔÓµÓÐElasticsearchµÄËùÓÐȨÏÞ¡£¡£¡£¡£¡ £¿£¿£¿£¿ÉÒÔ¶ÔÊý¾Ý¾ÙÐÐí§Òâ²Ù×÷¡£¡£¡£¡£¡£ÓªÒµÏµÍ³½«ÃæÁÙÃô¸ÐÊý¾Ýй¶¡¢Êý¾Ýɥʧ¡¢Êý¾ÝÔâµ½ÆÆËðÉõÖÁÔâµ½¹¥»÷ÕßµÄÀÕË÷¡£¡£¡£¡£¡£

¸üÐÂʱ¼ä£º

20220803