MCPcopy Index your code
hub / github.com/burpheart/CVE-2022-39197-patch

github.com/burpheart/CVE-2022-39197-patch @patch-0.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release patch-0.2 ↗ · + Follow
4 symbols 8 edges 2 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

CVE-2022-39197 patch

CVE-2022-39197 Cobalt Strike XSS 漏洞的一个临时补丁

通过 hook javax.swing.plaf.basic.BasicHTML的isHTMLString方法来禁用swing的html支持

PS: 部分依赖html的页面无法正常渲染(例如 关于页面)

使用方法

将 patch.jar 放入cobaltstrike启动目录下

在cobaltstrike启动参数中加入javaagent 启用补丁

-javaagent:patch.jar

启动cobaltstrike 输出Successfully Patched. 即为禁用成功

====== CVE-2022-39197 patch @burpheart ======
Successfully Patched.

CVE-2022-39197 Cobalt Strike XSS vulnerability patch

Disable html support for swing by hooking the isHTMLString method of javax.swing.plaf.basic.

PS: Some html-dependent pages do not render properly ( Such as About page etc.) Add javaagent to the cobaltstrike startup parameters to enable patching

-javaagent:patch.jar

Start cobaltstrike and output Successfully Patched.

====== CVE-2022-39197 patch @burpheart ======
Successfully Patched.

Core symbols most depended-on inside this repo

premain
called by 0
src/main/java/org/patch/Agent.java
transform
called by 0
src/main/java/org/patch/Swinghtml.java

Shape

Class 2
Method 2

Languages

Java100%

Modules by API surface

src/main/java/org/patch/Swinghtml.java2 symbols
src/main/java/org/patch/Agent.java2 symbols

For agents

$ claude mcp add CVE-2022-39197-patch \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page