[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80467":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":12,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":14,"stars30d":14,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":15,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":16,"fork":16,"defaultBranch":17,"hasWiki":18,"hasPages":16,"topics":19,"createdAt":10,"pushedAt":10,"updatedAt":20,"readmeContent":21,"aiSummary":22,"trendingCount":14,"starSnapshotCount":14,"syncStatus":23,"lastSyncTime":24,"discoverSource":25},80467,"CVE-2026-34486","striga-ai\u002FCVE-2026-34486","striga-ai","EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.","",null,"Java",68,13,0,3.44,false,"master",true,[],"2026-06-12 02:04:02","# CVE-2026-34486\n\nEncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.\n\nAffected: 11.0.19+, 10.1.53+, 9.0.116+.\nFixed in: 11.0.21, 10.1.54, 9.0.117.\n\nFound and reported by Bartlomiej Dmitruk ([striga.ai](https:\u002F\u002Fstriga.ai)).\n\nWriteup: https:\u002F\u002Fstriga.ai\u002Fresearch\u002Ftomcat-tribes-unauth-rce\n\n## Requirements\n\n- Docker\n- Java 21\n- Python 3\n\n## Usage\n\nOne-command reproduction:\n\n```sh\nbash run.sh\n```\n\nThis builds the Docker image, starts Tomcat 11.0.20 with EncryptInterceptor, generates a CC6 gadget chain payload, sends it unencrypted to the Tribes receiver on port 4000, and verifies RCE by checking for `\u002Ftmp\u002Fpwned` inside the container.\n\n## Cleanup\n\n```sh\ndocker rm -f tomcat-encrypt-poc\n```\n","This project reveals a fail-open bypass vulnerability in the EncryptInterceptor of Apache Tomcat Tribes clustering, which leads to unauthenticated remote code execution (RCE) via Java deserialization. Its core functionality includes building a Tomcat instance of an affected version in a Docker environment and automatically sending a specially crafted malicious payload to trigger and verify the vulnerability. Its technical characteristic is a concise one-command reproduction flow that supports quick setup and testing using Docker, Java 21 and Python 3. It is suited to security researchers analysing the vulnerability's mechanics, developers learning how to fix related security issues, and enterprises assessing whether their own systems are exposed to similar risks.",2,"2026-06-11 04:00:52","CREATED_QUERY"]