The vulnerable code takes attacker-controlled input (the list of changed files under documentation/rules in the PR) and interpolates it into a Bash script. In the context of our malicious PRs, this meant that line 18 of the code snippet evaluated to the following, which triggered code execution:
Basic Struct Reflection (1
Plume and Friendica offer blogging with federation, but they're full social platforms, not
Examples of use
// Map an unwritable page. (read-only)