exploitdb/2025.03.20 package update #47498

Closed
wants to merge 1 commit into from

Conversation

octo-sts[bot]
Contributor

@octo-sts octo-sts bot commented Mar 20, 2025

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr labels Mar 20, 2025
@octo-sts octo-sts bot added the bincapz/blocking Bincapz (aka malcontent) scan results detected CRITICALs on the packages. label Mar 20, 2025
@eslerm eslerm added the malcontent/reviewed The malcontent findings in this PR have been manually reviewed by security. label Mar 20, 2025
@stevebeattie
Member

For malcontent scanning, this is yet another example where differential analysis would be an improvement. The difference between the prior published version of the exploitdb package and the one prepared for update is:

$ diff -Naur exploitdb-2024.11.26-r0 exploitdb-2025.03.20-r0 | diffstat
 .PKGINFO                                                    |   11 -
 .melange.yaml                                               |  315 ++++++++++++++++++++++++++++++++++
 usr/share/app/exploitdb/exploits/multiple/webapps/52087.txt |   45 ++++
 usr/share/app/exploitdb/exploits/php/webapps/52083.py       |   65 +++++++
 usr/share/app/exploitdb/exploits/php/webapps/52084.txt      |   15 +
 usr/share/app/exploitdb/exploits/php/webapps/52085.py       |  249 ++++++++++++++++++++++++++
 usr/share/app/exploitdb/exploits/php/webapps/52086.txt      |   19 ++
 usr/share/app/exploitdb/exploits/windows/local/52088.txt    |   31 +++
 usr/share/app/exploitdb/files_exploits.csv                  |    6 
 var/lib/db/sbom/exploitdb-2024.11.26-r0.spdx.json           |   87 ---------
 var/lib/db/sbom/exploitdb-2025.03.20-r0.spdx.json           |   87 +++++++++
 11 files changed, 838 insertions(+), 92 deletions(-)

and the malcontent diff output looks like:

$ mal --format simple diff exploitdb-2024.11.26-r0.apk exploitdb-2025.03.20-r0.apk  
++++ added: exploitdb-2025.03.20-r0.apk ∴ /usr/share/app/exploitdb/exploits/php/webapps/52083.py
+3P/sig_base/webshell_php
+3P/sig_base/webshell_php_eval
+anti-static/obfuscation/php
+exec/imports/python
+exec/shell/command
+impact/exploit
+impact/exploit/cve
+impact/remote_access/php
+impact/remote_access/remote_eval
+impact/remote_access/reverse_shell
+net/http/post
+net/url/embedded
+net/url/parse
+net/url/request
++++ added: exploitdb-2025.03.20-r0.apk ∴ /usr/share/app/exploitdb/exploits/php/webapps/52085.py
+anti-static/obfuscation/php
+anti-static/obfuscation/python
+data/base64/decode
+data/base64/encode
+data/encoding/base64
+exec/imports/python
+exec/program
+exec/program/opaque
+exec/shell/command
+fs/path/etc
+fs/path/relative
+fs/path/usr_bin
+impact/exploit
+impact/exploit/cve
+impact/remote_access/remote_eval
+net/http/post
+net/url/embedded
+net/url/request

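A small parser for the `mal --format simple diff` output quoted in the comment above, added here as a review-triage example (it is not part of this PR, of the exploitdb package, or of malcontent itself). It handles only the `++++ added: <pkg> ∴ <path>` header and `+<finding>` lines visible above, and the text it parses is a constructed excerpt in that shape.

```python
"""Group `mal --format simple diff` findings by file for review triage.

Added example, not code from the PR or from malcontent: it handles only the
`++++ added: <pkg> ∴ <path>` header and `+<finding>` lines seen in the PR
comment; SAMPLE below is a constructed excerpt in that shape.
"""
import re

# Header line that introduces one file's findings ("∴" separates package and path).
HEADER = re.compile(r"^\+{4} added: (?P<pkg>\S+) ∴ (?P<path>\S+)$")

# Constructed sample in the shape of the `mal diff` output quoted above.
SAMPLE = """\
++++ added: example-2.0-r0.apk ∴ /usr/share/app/example/exploits/a.py
+3P/sig_base/webshell_php
+impact/remote_access/reverse_shell
+net/http/post
++++ added: example-2.0-r0.apk ∴ /usr/share/app/example/exploits/b.py
+data/base64/decode
+exec/shell/command
"""


def parse_simple_diff(text):
    """Return {path: sorted added finding IDs}, keeping files in order of appearance."""
    findings = {}
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group("path")
            findings.setdefault(current, [])
        elif line.startswith("+") and current is not None:
            findings[current].append(line[1:])
        # anything else (blank lines, unrecognised markers) is ignored here
    return {path: sorted(ids) for path, ids in findings.items()}


def files_with_prefix(findings, prefix):
    """Paths whose added findings include at least one ID under the given namespace."""
    return [p for p, ids in findings.items()
            if any(i.startswith(prefix) for i in ids)]


if __name__ == "__main__":
    parsed = parse_simple_diff(SAMPLE)
    for path, ids in parsed.items():
        print(f"{path}: {len(ids)} new finding(s)")
    print("review first:", files_with_prefix(parsed, "impact/remote_access"))
```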
@octo-sts octo-sts bot closed this Mar 21, 2025
Contributor Author

octo-sts bot commented Mar 21, 2025

superseded by #47600

@octo-sts octo-sts bot deleted the wolfictl-8e88cd56-d168-476c-bac7-aabd8161b03e branch March 22, 2025 00:02