Open YuriyPobezhymov opened 5 months ago
@tooryx any updates?
Hi @YuriyPobezhymov,
We are catching up with the backlog, but we are a limited number of people. Please bear with us, we are getting there.
~tooryx
@tooryx, why is the PR still pending? It has been such a long time...
Hey,
This PR is for the Vuln Detector Plugin for https://nvd.nist.gov/vuln/detail/CVE-2024-21650 (see https://github.com/google/tsunami-security-scanner-plugins/issues/366).
In order to verify the vulnerability, I used two different Docker environment types, one for the vulnerable version and the other for the fixed version.
To get them, please clone https://github.com/xwiki/xwiki-docker.git. There are several versions of XWiki. I used all of them for testing purposes. The "15" folder contains the latest one.
I can show you how to prepare it for testing:
To run vulnerable version:
docker-compose --env-file .env-true-positive -p xwiki-true-positive up -d
Fixed version:
docker-compose --env-file .env-true-negative -p xwiki-true-negative up -d