Closed aliluyala closed 10 months ago
Hello,
I would like to start the implementation for a plugin that detects SCIMono < v0.0.19 Remote Code Execution

Vulnerability details:
Type: SCIMono < v0.0.19 Remote Code Execution
Score: 9.10
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References: https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
The vulnerability should be remotely exploitable without authentication and user interaction. Yes
The detector should provide a reliable false-positive free detection report. Yes
The detection capability should be easy to verify using both vulnerable and fixed Docker images. Yes, this can be done easily.
The vulnerability should have a relatively large impact radius. Yes.
Please let me know if this is in scope as I've already made the development.
Hi @aliluyala,
Given how old these requests are, I will proactively close them. If you still wish to contribute to tsunami, please open issues one at a time.
Thank you, ~tooryx