Merge pull request #8637 from j4vaovo/patch-3

fix fp CVE-2021-21234.yaml
projectdiscovery · Nov 17, 2023 · 991e502 · 991e502
2 parents 1113b01 + 57c2490
commit 991e502
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/http/cves/2021/CVE-2021-21234.yaml b/http/cves/2021/CVE-2021-21234.yaml
@@ -14,6 +14,7 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-21234
     - https://github.com/lukashinsch/spring-boot-actuator-logview/commit/760acbb939a8d1f7d1a7dfcd51ca848eea04e772
     - https://github.com/lukashinsch/spring-boot-actuator-logview/commit/1c76e1ec3588c9f39e1a94bf27b5ff56eb8b17d6
+    - https://blog.csdn.net/qq_39583774/article/details/123023770#t5
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
     cvss-score: 7.7
@@ -42,12 +43,14 @@ http:
     matchers:
       - type: dsl
         dsl:
+          - "contains(header,'text/plain')"
           - "regex('root:.*:0:0:', body)"
           - "status_code == 200"
         condition: and
 
       - type: dsl
         dsl:
+          - "contains(header,'text/plain')"
           - "contains(body, 'bit app support')"
           - "contains(body, 'fonts')"
           - "contains(body, 'extensions')"