A Spring Boot Actuator SBOM endpoint was detected and is exposed without authentication. The endpoint returns a Software Bill of Materials (typically CycloneDX or SPDX JSON) listing every dependency and version shipped with the application, which lets an attacker enumerate the exact library inventory and trivially map it to known CVEs for targeted exploitation.