DiDi Super-Jacoco 命令注入漏洞

DiDi Super-Jacoco is a one-stop JAVA code full/diff coverage collection platform from China's DiDi DiDi company. A command injection vulnerability exists in DiDi Super-Jacoco version 1.0, which stems from the parameter uuid in the file /cov/triggerEnvCov that can lead to command injection...