推 luciferii: 這跟 Sprint4Shell 是不同漏洞 03/31 21:06
推 isaacc: 版主,您標題就弄錯了... 04/01 00:17
→ CMJ0121: :) 樓上兩位大大快回文打臉啊 ~ 04/01 08:53
---
[UPDATE]
打錯也可以打臉我啊 我常常把臉伸出來被打的
two RCE vulnerabilities were being discussed on the internet.[0]
Most of the people talking about them believe they're talking about
"Spring4Shell" (CVE Added: CVE-2022-22965), but in reality they're
swapping notes about CVE-2022-22963.
看來 22963 跟 22965 兩個效果不太一樣
22965 嚴重多了[1] 是 9.8 (critical)
[0]: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
[1]: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
※ 編輯: CMJ0121 (1.162.187.40 臺灣), 04/01/2022 08:57:33
推 isaacc: 版主別客氣,目前看起來22965編號已經確認。大家辛苦了 04/01 09:29
推 luciferii: 新ID昨晚剛好出來啊 CVE-2022-22965,分數9.8 04/01 12:02