Michael Stepankin

icon indicating a website link https://artsploit.blogspot.com/

icon location London

Results 8 issues of Michael Stepankin

CVEs from GitHub Security Lab

Hey! I think you can add a lot of PoCs from https://securitylab.github.com/advisories/

Update fastjson version from 1.2.67 to 2.0.60

Consider updating fastjson version to 2.0.60 to prevent a number of high severity vulnerabilites. Vulnerability details have been shared with maintainers over email.

Update fastjson version to 2.0.60

Consider updating fastjson version to 2.0.60 to prevent a number of high severity vulnerabilites. Vulnerability details have been shared with maintainers over email.

Security fix: Resolve FastJSON deserialization vulnerability (GHSL-20…

…24-282) - Upgrade FastJSON from 1.2.68 to 2.0.60 for enhanced security - Remove dangerous ParserConfig.setAutoTypeSupport(true) calls - Eliminate deserialization of untrusted data vulnerability - Maintain backward compatibility using com.alibaba.fastjson imports...

Fix GHSL-2025-035 & GHSL-2025-036: Command injection in S3 model download and Spring Actuator Exposure

Fix GHSL-2025-035: Prevent command injection in S3 model downloading - Validate S3 path format to block special characters - Replace Runtime.exec() with ProcessBuilder to prevent shell injection - Blocks --endpoint-url...

Fix GHSL-2025-037: Add Consul ACL authentication to prevent RCE

- Enable Consul ACL with token-based authentication - Use CONSUL_INITIAL_MANAGEMENT_TOKEN environment variable (default: CHANGE-ME-IN-PRODUCTION) - Configure Spring Cloud Consul client to use ACL token - All unauthorized Consul API requests...

PR review

Hi, we need to address the PR with tag: 12345678

Copilot test 2

2 comment

We need to add some additional payload, but I dont remember who suggested them earlier.