Title:Pivotal Software Spring Framework 代码注入漏洞 (CVE-2018-1270) Description:Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
File Snapshot
# Spring Messaging 远程命令执行漏洞 CVE-2018-1270
## 漏洞描述
spring messaging 为 spring 框架提供消息支持,其上层协议是 STOMP,
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →