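About Me
Speaker at Kcon, the Alibaba Xianzhi White Hat Conference, and Defense.One; works mainly in security development and code auditing.
CVEs Found by Coincidence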
- CVE-2021-2109: Weblogic RCE through JDBC Injection
- CVE-2019-17352: A vulnerability that bypasses the isSafeFile() function in JFinal, effectively allowing upload of any kind of file
- CVE-2023-46226: Apache IoTDB: Remote Code Execution (RCE) risk via the UDF
- CVE-2024-20931: Oracle Weblogic T3/IIOP RCE
- CNVD-2023-99982: Apache Drill RCE through JDBC Injection
- CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader