{"vulnerability": "CVE-2021-2211", "sightings": [{"uuid": "877a674f-b7df-4ab5-b3f7-5d69bea3d354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22119", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/790", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aApplications that reproduce CVE-2021-22119\nURL\uff1ahttps://github.com/mari6274/oauth-client-exploit", "creation_timestamp": "2021-11-02T15:21:40.000000Z"}, {"uuid": "bf74eda3-1344-481b-b5da-65c9b431b438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22114", "type": "seen", "source": "https://t.me/cibsecurity/24303", "content": "\u203c CVE-2021-22114 \u203c\n\nAddresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. 
So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-01T20:43:18.000000Z"}, {"uuid": "f691e7d9-ee1c-414f-8f6e-828d78ff7908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22119", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/389", "content": "Applications that reproduce #CVE-2021-22119\nhttps://github.com/mari6274/oauth-client-exploit\n\nGenerate malicious files using recently published homoglyphic-attack #CVE-2021-42694\nhttps://github.com/js-on/CVE-2021-42694\n\nmetasploit script #poc about #CVE-2021-36260\nhttps://github.com/TaroballzChen/CVE-2021-36260-metasploit", "creation_timestamp": "2021-11-03T17:55:14.000000Z"}, {"uuid": "ffd94101-ffdc-4c67-92d3-d225c1408e67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22112", "type": "seen", "source": "https://t.me/cibsecurity/24031", "content": "\u203c CVE-2021-22112 \u203c\n\nSpring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). 
However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T22:35:21.000000Z"}, {"uuid": "7def34c5-9d6e-4c0b-8c28-db45d12e3275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22113", "type": "seen", "source": "https://t.me/cibsecurity/24012", "content": "\u203c CVE-2021-22113 \u203c\n\nApplications using the \u201cSensitive Headers\u201d functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the \u201cSensitive Headers\u201d restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T20:35:28.000000Z"}, {"uuid": "2f9c3c7a-fb03-4183-bf50-c106a6966ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22118", "type": "published-proof-of-concept", "source": "Telegram/4IaW8HM2yjDu7ucujR7aPxqi_DTZiexqNYUjvBfQkuAl75s", "content": "", "creation_timestamp": "2021-05-28T14:50:41.000000Z"}]}