{"uuid": "434a26ca-8929-4d29-8e4f-7b2e527a015d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40438", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/2849", "content": "Apache \u043c\u0443\u0447\u0430\u044e\u0442\u042a\n\n> If you\u2019re on a blue team and want to protect against this you can look for requests including the string \u201cunix:\u201d followed by a pipe \u201c|\u201d after the argument separator \u201c?\u201d. If the pipe isn\u2019t part of the arguments it will get url encoded and will prevent the vulnerable code path from triggering, hence that restriction. The \u201cunix:\u201d string can be before or after the arguments, but has to be before the pipe.\n\nBuilding a POC for CVE-2021-40438 \nhttps://firzen.de/building-a-poc-for-cve-2021-40438", "creation_timestamp": "2021-10-20T15:00:04.000000Z"}