Remote code execution through ${script:...} syntax…sigh. This tweet has example syntax https://twitter.com/jschauma/status/1545029104319303680
${script:...}
What are their criteria for severity? On a quick read, this kind of RCE strikes me as worse than “moderate,” particularly given the way interpolation nests, if I’ve understood correctly.
Remote code execution through
${script:...}syntax…sigh. This tweet has example syntax https://twitter.com/jschauma/status/1545029104319303680What are their criteria for severity? On a quick read, this kind of RCE strikes me as worse than “moderate,” particularly given the way interpolation nests, if I’ve understood correctly.