CVE-2020-10673 PoC — FasterXML jackson-databind 安全漏洞

Source

https://github.com/Al1ex/CVE-2020-10673

Associated Vulnerability

Title:FasterXML jackson-databind 安全漏洞 (CVE-2020-10673)
Description:FasterXML jackson-databind是FasterXML公司的一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档，同样也可以将json、xml转换成Java对象。 FasterXML jackson-databind 2.9.10.4之前的2.x版本中存在安全漏洞，该漏洞源于com.caucho.config.types.ResourceRef（caucho-quercus）进行了不安全的反序列化

Description

CVE-2020-10673:jackson-databind RCE

Readme

# CVE-2020-10673
CVE-2020-10673:jackson-databind RCE

File Snapshot


 [4.0K]  /data/pocs/b2fd9d7554b9b55b810ec1442d4e1cc7bc768424
├── [  81]  JacksonTest.iml
├── [3.9K]  pom.xml
├── [  53]  README.md
├── [4.0K]  src
│   ├── [4.0K]  main
│   │   └── [4.0K]  java
│   │       └── [4.0K]  com
│   │           └── [4.0K]  jacksonTest
│   │               ├── [ 191]  App.java
│   │               └── [ 617]  Poc.java
│   └── [4.0K]  test
│       └── [4.0K]  java
│           └── [4.0K]  com
│               └── [4.0K]  jacksonTest
│                   └── [ 307]  AppTest.java
└── [4.0K]  target
    ├── [4.0K]  classes
    │   └── [4.0K]  com
    │       └── [4.0K]  jacksonTest
    │           ├── [ 545]  App.class
    │           └── [1.2K]  Poc.class
    └── [4.0K]  test-classes
        └── [4.0K]  com
            └── [4.0K]  jacksonTest
                └── [ 477]  AppTest.class

16 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!