Unguard has three command injection vulnerabilities:
- Two of them in Java
  - The first Java CMD injection that is exploited through the image posting feature of the proxy-service
  - A second Java CMD injection that is exploited through the markdown conversion that happens when setting a bio string with markdown enabled on the profile-service
- In Lua, through a Lua filter in the envoy-proxy