| CVE | Description | CVSS 3 Base score |
|---|---|---|
| CVE-2021-29505 | XStream is vulnerable to a Remote Command Execution attack. | 8.8 |
| CVE-2021-21341 | XStream can cause a Denial of Service. | 7.5 |
| CVE-2021-21342 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. | 9.1 |
| CVE-2021-21343 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. | 7.5 |
| CVE-2021-21344 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21345 | XStream is vulnerable to a Remote Command Execution attack. | 9.9 |
| CVE-2021-21346 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21347 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
prabhu prabhu
prabhu
/ reachables.json
Created
October 22, 2023 17:43
Reachables slice for https://github.com/pyn3rd/CVE-2023-34040
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "reachables" : [ | |
| { | |
| "flows" : [ | |
| { | |
| "id" : 44, | |
| "label" : "METHOD_PARAMETER_IN", | |
| "name" : "this", | |
| "fullName" : "", | |
| "signature" : "", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // git clone https://github.com/OWASP/NodeGoat | |
| // Install joern | |
| // importCode("NodeGoat") | |
| val requestPattern = | |
| "req\\.(originalUrl|path|protocol|route|secure|signedCookies|stale|subdomains|xhr|app|pipe|file|files|baseUrl|fresh|hostname|ip|url|ips|method|body|param|params|query|cookies)" | |
| val taintSourcePattern = "(?s)(?i).*" + requestPattern + ".*" | |
| val responsePattern = | |
| "res\\.(append|attachment|cookie|clearCookie|download|end|format|get|json|jsonp|links|location|redirect|render|send|sendFile|sendStatus|set|status|type|vary)" |
prabhu
/ bidi-check.py
Last active
November 2, 2021 15:54
Python: Look for Bi-directional unicode characters in a file or directory. CVE-2021-42574 / https://trojansource.codes/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /usr/bin/env python3 | |
| # python3 bidi-check.py <file or directory> | |
| # This script looks for bi-directional unicode characters. Useful to look for CVE-2021-42574 / https://trojansource.codes/ | |
| import argparse | |
| import codecs | |
| import os | |
| import sys | |
| import unicodedata | |
| bidi_dict = {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # grep -w Bidi_Control /usr/share/unicode/PropList.txt | |
| 061C ; Bidi_Control # Cf ARABIC LETTER MARK | |
| 200E..200F ; Bidi_Control # Cf [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT MARK | |
| 202A..202E ; Bidi_Control # Cf [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE | |
| 2066..2069 ; Bidi_Control # Cf [4] LEFT-TO-RIGHT ISOLATE..POP DIRECTIONAL ISOLATE | |
| # Check your files for U+061C, U+200E, U+200F, U+202A, U+202B, U+202C, U+202D, U+202E, U+2066, U+2067, U+2068, U+2069 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # apt install unicode-data | |
| # Copied from /usr/share/unicode/BidiBrackets.txt | |
| # BidiBrackets-13.0.0.txt | |
| # Date: 2019-09-09, 19:31:00 GMT [AG, LI, KW] | |
| # © 2019 Unicode®, Inc. | |
| # Unicode and the Unicode Logo are registered trademarks of Unicode, Inc. in the U.S. and other countries. | |
| # For terms of use, see http://www.unicode.org/terms_of_use.html | |
| # | |
| # Unicode Character Database | |
| # For documentation, see http://www.unicode.org/reports/tr44/ |
prabhu
/ shiftleft-branch.rego
Created
April 3, 2021 12:25
OPA rego policy for branch specific ShiftLeft policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package shiftleft | |
| default allow = true | |
| runtime := opa.runtime() | |
| sl_app_name := runtime.env.SHIFTLEFT_APP | |
| sl_access_token := runtime.env.SHIFTLEFT_ACCESS_TOKEN | |
| payload := io.jwt.decode(sl_access_token) | |
| sl_org_id := payload[1].orgID | |
| headers := {"Content-Type": "application/json", "Authorization": sprintf("Bearer %s", [sl_access_token])} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package shiftleft | |
| default allow = true | |
| runtime := opa.runtime() | |
| sl_app_name := runtime.env.SHIFTLEFT_APP | |
| sl_access_token := runtime.env.SHIFTLEFT_ACCESS_TOKEN | |
| payload := io.jwt.decode(sl_access_token) | |
| sl_org_id := payload[1].orgID | |
| headers := {"Content-Type": "application/json", "Authorization": sprintf("Bearer %s", [sl_access_token])} |
prabhu
/ bitbucket-pipelines.yml
Last active
July 26, 2020 14:16
Bitbucket pipeline step to integrate ShiftLeft Insights script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - step: | |
| name: ShiftLeft NextGen Analysis | |
| script: | |
| - curl https://cdn.shiftleft.io/download/sl > $HOME/sl && chmod a+rx $HOME/sl | |
| - $HOME/sl analyze --no-diagnostic --force --app ${BITBUCKET_REPO_SLUG} --tag branch=${BITBUCKET_BRANCH} --go --cpg $(pwd) | |
| - step: | |
| image: python:3.7-slim | |
| name: ShiftLeft NG SAST Code Insights | |
| script: | |
| - pip install requests |
prabhu
/ shiftleft-bitbucket-insights.py
Created
July 26, 2020 14:13
Python script to present ShiftLeft NG SAST findings as Bitbucket code insights
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # pip install requests | |
| import os | |
| import sys | |
| import requests | |
| # Collect the required variables | |
| APP_ID = os.getenv("BITBUCKET_REPO_SLUG") | |
| SHIFTLEFT_ORG_ID = os.getenv("SHIFTLEFT_ORG_ID") |
NewerOlder