acme.sh 存在 RCE 漏洞，已经被国产 HiCA 利用 | 今天abc看了啥🤔

18:11 · 2023年6月9日 · 周五

acme.sh 存在 RCE 漏洞，已经被国产 HiCA 利用
https://github.com/acmesh-official/acme.sh/issues/4659

相关讨论：
https://www.v2ex.com/t/947389
https://twitter.com/mholt6/status/1666920303279349760
关于 HiCA：https://www.v2ex.com/t/868344

acme.sh runs arbitrary commands from a remote server · Issue #4659 · acmesh-official/acme.sh

Hello, You may already be aware of this, but HiCA is injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine. I am not sure if thi...

Powered by BroadcastChannel & Sepia