Dojo challenge #32 winners!
ID: 0a949877-c1ba-5fe4-ba11-2432ae5b9ce1
STIX ID: report--0a949877-c1ba-5fe4-ba11-2432ae5b9ce1
Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed
## Executive Summary This write-up describes a Python Class Pollution vulnerability in a web application's merge_config function that lets a crafted JSON payload mutate class internals (via attributes like __class__ and __globals__) to overwrite a COMMAND variable and achieve remote code execution; the author demonstrates a proof-of-concept that reads /tmp/flag.txt and provides mitigation advice including input validation and attribute access restriction.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
