confluence_test.go:21: get vuln info S2-062 — Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to remote code execution - same as S2-061. (https://cwiki.apache.org/confluence/display/WW/S2-062)
confluence_test.go:21: get vuln info S2-063 — DoS via OOM owing to not properly checking of list bounds. (https://cwiki.apache.org/confluence/display/WW/S2-063)
confluence_test.go:21: get vuln info S2-064 — DoS via OOM owing to no sanity limit on normal form fields in multipart forms. (https://cwiki.apache.org/confluence/display/WW/S2-064)
confluence_test.go:21: get vuln info S2-065 — Excessive disk usage during file upload (https://cwiki.apache.org/confluence/display/WW/S2-065)
confluence_test.go:21: get vuln info S2-066 — File upload logic is flawed, and allows an attacker to enable paths with traversals (https://cwiki.apache.org/confluence/display/WW/S2-066)
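I wrote a simple parser for Security+Bulletins; Master K, could you take a look and see if there are any problems?
Parsing details
Self-test results
The unit tests show no real problems. That's it for now, I'm off to bed.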