Code Injection in vitessio/arewefastyet

Valid

Reported on Feb 22nd 2021


:book: Description

arewefastyet is the Nightly Benchmarks Project; this package is vulnerable to arbitrary code execution.

https://github.com/cmason3/jinjafx

:recycle: Steps To Reproduce:

  1. git clone http://github.com/vitessio/arewefastyet
  2. Run as shown in poc.png.

:telescope: POC

[image: poc]

💥 Impact

Arbitrary code execution
