2 matches found
Apache Commons Text RCE
This exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to Remote Code Execution. This is due to a logic flaw that makes the "script", "dns" and "url" lookup keys...
Apache Commons Text 1.9 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Commons Text RCE', 'Description' = %q This exploit takes advantage of the StringSubstitutor interpolator class, which is included in the...