MetaSpore icon indicating copy to clipboard operation
MetaSpore copied to clipboard
verified publisher icon meta-soul

Fix GHSL-2025-035 & GHSL-2025-036: Command injection in S3 model download and Spring Actuator Exposure

Open artsploit opened this issue 3 months ago • 0 comments

Fix GHSL-2025-035: Prevent command injection in S3 model downloading

  • Validate S3 path format to block special characters
  • Replace Runtime.exec() with ProcessBuilder to prevent shell injection
  • Blocks --endpoint-url injection and AWS token leakage attempts

Fix GHSL-2025-036: Restrict Spring Actuator endpoint exposure

  • Changed management.endpoints.web.exposure.include from * to health,info,pullConfig
  • Prevents unauthorized access to sensitive endpoints like heapdump, env, beans
  • Maintains required functionality with pullConfig endpoint for Consul configuration refresh

artsploit avatar Nov 11 '25 12:11 artsploit