Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PRP: Request Apereo CAS RCE #220

Closed
hh-hunter opened this issue Dec 9, 2021 · 0 comments
Closed

PRP: Request Apereo CAS RCE #220

hh-hunter opened this issue Dec 9, 2021 · 0 comments
Assignees
@hh-hunter
Labels
Contributor queue When a contributor has already one issue/PR in review, we put the following ones on hold with this.

Comments

@hh-hunter
Copy link
Contributor

hh-hunter commented Dec 9, 2021
edited
Loading

Hello,
I would like to start the implementation for a plugin that detects Apereo CAS RCE vulnerability,
Because CAS uses a vulnerable version of Apache LOG4j
The vulnerability should be relatively new and it is a serious problem.
Apache log4j2 is affected from 2.0 to 2.14.1.
The vulnerability has been fixed, but there is no CVE number yet.

Please let me know if this is in scope to start with its development.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hh-hunter hh-hunter

Labels
Contributor queue When a contributor has already one issue/PR in review, we put the following ones on hold with this.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tooryx @maoning @hh-hunter