whoami

  • Email: echo 'OTI5ODExMzEzQHFxLmNvbQo=' | base64 -d

I love reading the source code of open-source Java projects, learning from the excellent work of fellow developers, absorbing their designs and ideas, and, along the way, auditing them for security vulnerabilities and picking up the bugs I find. Out of pure interest I can stay focused and write code for very long stretches without feeling any strain; the more I write, the more excited I get, and I often have to hold back the urge to code for the sake of everyday life. My dream is to design and build an open-source Java system known around the world.

Some security vulnerability IDs I have contributed along the way

Alibaba-Sentinel

  • CVE-2021-44139: sentinel-dashboard component pre-authentication SSRF

h2\h2database

Spring Cloud Netflix Hystrix Dashboard

  • CVE-2021-22053: Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability

Alibaba-Druid

Alibaba-Nacos

Apache-Dubbo

WebLogic

XStream

  • CVE-2021-21341: XStream can cause a Denial of Service
  • CVE-2021-21347: XStream is vulnerable to an Arbitrary Code Execution attack
  • CVE-2021-21348: XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
  • CVE-2021-21349: A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
  • CVE-2021-21350: XStream is vulnerable to an Arbitrary Code Execution attack

Spring Cloud Netflix Zuul

  • CVE-2021-22113: Spring Cloud Netflix Zuul “Sensitive Headers” Bypass Vulnerability

Apache Ambari

Apache Pulsar Manager

Apache-Tomcat

FasterXML/jackson-databind