cn-panda/logbackRceDemo

Releases: 0
Stars: 86

The project is a simple vulnerability demo environment written with Spring Boot. Here, I deliberately wrote a vulnerable environment that allows arbitrary file uploads, and then used the `scan` attribute in the logback configuration file together with the logback vulnerability to achieve RCE.

CVE History

| CVE | Published | CVSS v3 | CVSS v2 |
| --- | --- | --- | --- |
|  |  | 6.6 MEDIUM | 8.5 HIGH |

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows the execution of arbitrary code loaded from LDAP servers.