{"vulnerability": "CVE-2020-11100", "sightings": [{"uuid": "5bf9629e-05f3-44f4-a23d-b0bdd90a2d5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11100", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1336", "content": "#exploit\n1. Node.js third-party modules: \nbunyan 1.8.12 - RCE via insecure command formatting\nhttps://vulners.com/hackerone/H1:902739\n]-> PoC: https://github.com/trentm/node-bunyan/blob/master/bin/bunyan#L1224\n\n2. CVE-2020-11100:\nIn hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8, 2.x - 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing RCE\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2023", "creation_timestamp": "2024-10-31T01:40:27.000000Z"}]}