Download args4j
Author: m | 2025-04-25
Download: args4j-tools.jar (args4j) - args4j-tools JAR file - Latest All Versions. MavenLibs. Search. Home; JAR; args4j; args4j-tools; jar. args4j : args4j-tools Maven Gradle. 1 usages. args4j-tools development-time tool for generating additional artifacits. Homepage Maven Central. Maven Download Click the following link to download the jar file. args4j-2.33-javadoc.jar args4j-2.33-sources.jar args4j-2.33.jar args4j-2.33.pom. Previous; Next; Related Tutorials. Download args4j-2.0.8.jar file; Download args4j-2.0.9.jar file; Download args4j-2.32.jar file; Download args4s_2.10-1.0.0.jar file; Download args4s_2.11-1.0.0.jar file
Download args4j-tools.jar - @args4j - MavenLibs.com
“cache” when an upload request is received. This means both requests need to work in pairs. The Vulnerability and exploit analysis section details how the exploit leverages this behavior to read arbitrary files.Vulnerability and exploit analysisThe endpoint relies on two POST requests: a downloader and an uploader. The downloader executes the commands and retrieves their output, while the uploader contains the commands and their associated arguments. Jenkins connects these two components using the UUID found in the Session header of both requests. Figure 3. Exploit Flow Sequence DiagramAs stated in TrendMicro analysis, when either of these requests is received, the following methods will be called in order: The CliCrumbExecution method will validate the endpoint. The FullDuplexHttpService method will handle the request and response (note that PlainCLIProtocol is used to make the request). Finally, the CmdLineParser method, which utilizes the vulnerable args4j library, will parse arguments from the CLI input.The parseArgument function in args4j is invoked when the Jenkins Server receives a CLI command with arguments. It then calls the expandAtFiles (sink function) to process these arguments. expandAtFiles contains the vulnerable code. Figure 4. Dangerous functionThe expandAtFiles function iterates through the command arguments, looking for an @ character. If found, it reaches the sink function and replaces the @ character and the file path (Figure 7) with the file’s contents. A malicious user can read arbitrary file contents in the target instance if an exploit is successful. Below is a representation of the output in case of success. Figure 5. Local. Download: args4j-tools.jar (args4j) - args4j-tools JAR file - Latest All Versions. MavenLibs. Search. Home; JAR; args4j; args4j-tools; jar. args4j : args4j-tools Maven Gradle. 1 usages. args4j-tools development-time tool for generating additional artifacits. Homepage Maven Central. Maven Download Click the following link to download the jar file. args4j-2.33-javadoc.jar args4j-2.33-sources.jar args4j-2.33.jar args4j-2.33.pom. Previous; Next; Related Tutorials. Download args4j-2.0.8.jar file; Download args4j-2.0.9.jar file; Download args4j-2.32.jar file; Download args4s_2.10-1.0.0.jar file; Download args4s_2.11-1.0.0.jar file Download args4j : args4j JAR file - Latest Versions: Latest Stable: 2.33.jar; All Versions Download args4j : args4j JAR file - All Versions: Version Vulnerabilities Size Download args4j : args4j-tools JAR file - Latest Versions: Latest Stable: 2.33.jar; All Versions Download args4j : args4j-tools JAR file - All Versions: Version Download args4j-.jar. args4j/args4j-.jar.zip( 49 k) The download jar file contains the following class files or Java source files. On the Jenkins controller file system and cause a significant impact.Based on these facts, the following sections describe how we researched how to detect this vulnerability in depth.Technical detailsThe CVE-2024-23897 vulnerability, which can be exploited via HTTP, WebSocket, and Secure Shell (SSH), requires a comprehensive understanding. This report will focus on the HTTP path and conduct a detailed root-cause analysis to understand the flaw, how it can be explored, and how to detect it.BackgroundJenkins includes a built-in Command-Line Interface (CLI) that allows users to interact with the system from script or shell environments. It uses the args4j library to parse command arguments and options to the Jenkins controller during CLI command processing. A vulnerability exists within this library that enables unauthenticated users to read the first few lines of any file on the file system. Authenticated users, on the other hand, can access entire file content.Jenkins-CLI offers users a command-line interface to execute custom commands found in the hudson/cli directory of the Jenkins Git repository. By accessing (which triggers jenkins-cli.jar), as mentioned in the advisory writeup, the endpoint will throw a PlainCliEndpointResponse() exception that ends in the generateResponse function shown in Figure 2. This function handles the CLI connections and returns the response according to what is requested. Figure 2. generateResponse() functionAs can be seen, the download and upload request handlers are connected by the UUID. From observing the code, the download request is added to a services Map and is used to check if it is already in theComments
“cache” when an upload request is received. This means both requests need to work in pairs. The Vulnerability and exploit analysis section details how the exploit leverages this behavior to read arbitrary files.Vulnerability and exploit analysisThe endpoint relies on two POST requests: a downloader and an uploader. The downloader executes the commands and retrieves their output, while the uploader contains the commands and their associated arguments. Jenkins connects these two components using the UUID found in the Session header of both requests. Figure 3. Exploit Flow Sequence DiagramAs stated in TrendMicro analysis, when either of these requests is received, the following methods will be called in order: The CliCrumbExecution method will validate the endpoint. The FullDuplexHttpService method will handle the request and response (note that PlainCLIProtocol is used to make the request). Finally, the CmdLineParser method, which utilizes the vulnerable args4j library, will parse arguments from the CLI input.The parseArgument function in args4j is invoked when the Jenkins Server receives a CLI command with arguments. It then calls the expandAtFiles (sink function) to process these arguments. expandAtFiles contains the vulnerable code. Figure 4. Dangerous functionThe expandAtFiles function iterates through the command arguments, looking for an @ character. If found, it reaches the sink function and replaces the @ character and the file path (Figure 7) with the file’s contents. A malicious user can read arbitrary file contents in the target instance if an exploit is successful. Below is a representation of the output in case of success. Figure 5. Local
2025-04-14On the Jenkins controller file system and cause a significant impact.Based on these facts, the following sections describe how we researched how to detect this vulnerability in depth.Technical detailsThe CVE-2024-23897 vulnerability, which can be exploited via HTTP, WebSocket, and Secure Shell (SSH), requires a comprehensive understanding. This report will focus on the HTTP path and conduct a detailed root-cause analysis to understand the flaw, how it can be explored, and how to detect it.BackgroundJenkins includes a built-in Command-Line Interface (CLI) that allows users to interact with the system from script or shell environments. It uses the args4j library to parse command arguments and options to the Jenkins controller during CLI command processing. A vulnerability exists within this library that enables unauthenticated users to read the first few lines of any file on the file system. Authenticated users, on the other hand, can access entire file content.Jenkins-CLI offers users a command-line interface to execute custom commands found in the hudson/cli directory of the Jenkins Git repository. By accessing (which triggers jenkins-cli.jar), as mentioned in the advisory writeup, the endpoint will throw a PlainCliEndpointResponse() exception that ends in the generateResponse function shown in Figure 2. This function handles the CLI connections and returns the response according to what is requested. Figure 2. generateResponse() functionAs can be seen, the download and upload request handlers are connected by the UUID. From observing the code, the download request is added to a services Map and is used to check if it is already in the
2025-04-19Top 9 Java Command-line Argument Parser Projects picocli 1 31 5,044 7.8 JavaPicocli is a modern framework for building powerful, user-friendly, GraalVM-enabled command line apps with ease. It supports colors, autocompletion, subcommands, and more. In 1 source file so apps can include as source & avoid adding a dependency. Written in Java, usable from Groovy, Kotlin, Scala, etc.Project mention:Making Contributions|dev.to|2024-09-20His project uses picocli for argument parsing. I briefly looked through the documentation and realized it was pretty similar to the clap crate I used for my project. So I mimicked his other code as well as my own understanding of clap. This part was easy. CodeRabbitcoderabbit.aifeaturedCodeRabbit: AI Code Reviews for Developers.Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR. JCommander 2 0 1,987 8.0 JavaCommand line parsing framework for Java JLine 3 7 1,551 9.1 JavaJLine is a Java library for handling console input. Airline 4 0 846 0.0 JavaJava annotation-based framework for parsing Git like command line structures args4j 5 0 790 7.9 Javaargs4j JOpt Simple 7 0 353 3.3 JavaJava library for parsing command line options SaaSHubwww.saashub.comfeaturedSaaSHub - Software Alternatives and Reviews.SaaSHub helps you find the best software and product alternatives airline 8 0 137 6.5 JavaJava annotation-based framework for parsing Git like command line structures with deep extensibility (by rvesse) JewelCLI 9 0 61 0.0 JavaJewelCli uses an annotated interface definition to automatically parse and present command line argumentsNOTE:The open source projects on this list are ordered by number of github stars.The number of mentions indicates repo mentiontions in the last 12 Months orsince we started tracking (Dec 2020).Java Command-line Argument Parsers discussionJava Command-line Argument Parsers related postsMaking Contributions3 projects|dev.to|20 Sep 2024PicoCLI – Powerful command-line parsing library for JavaGraalVM for JDK 21 is here“Why I develop on Windows”Java 20 / JDK 20: General Availability3 projects|/r/java|21 Mar 2023any opinion good or bed about a code that smells?3 projects|/r/java|28 Jan 2023Building a Java CLI. How can I make it more powershell-friendlyA note from our sponsor - CodeRabbitcoderabbit.ai|23 Mar 2025Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.Learn more →IndexSponsoredCodeRabbit: AI Code Reviews for DevelopersRevolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based
2025-04-09The download jar file contains the following class files or Java source files.1.Download jodd-petite-3.4.5.jar2.Download jodd-proxetta-3.4.4-sources.jar3.Download jodd-proxetta-3.4.4.jar4.Download jodd-proxetta-3.4.5-sources.jar5.Download jodd-proxetta-3.4.5.jar6.Download jodd-lagarto-3.4.3-sources.jar7.Download jodd-lagarto-3.4.3.jar8.Download jodd-lagarto-3.4.4-sources.jar9.Download jodd-lagarto-3.4.4.jar10.Download jodd-lagarto-3.4.5-sources.jar11.Download jodd-lagarto-3.4.5.jar12.Download jodd-lagarto-web-3.4.3-sources.jar13.Download jodd-lagarto-web-3.4.3.jar14.Download jodd-lagarto-web-3.4.4-sources.jar15.Download jodd-lagarto-web-3.4.4.jar16.Download jodd-lagarto-web-3.4.5-sources.jar17.Download jodd-lagarto-web-3.4.5.jar18.Download jodd-petite-3.4.3-sources.jar19.Download jodd-petite-3.4.3.jar20.Download jodd-petite-3.4.4-sources.jar21.Download jodd-petite-3.4.4.jar22.Download jodd-proxetta-3.4.3-sources.jar23.Download jodd-proxetta-3.4.3.jar24.Download jodd-joy-3.4.3-sources.jar25.Download jodd-joy-3.4.3.jar26.Download jodd-vtor-3.4.3-sources.jar27.Download jodd-vtor-3.4.3.jar28.Download jodd-vtor-3.4.4-sources.jar29.Download jodd-vtor-3.4.4.jar30.Download jodd-vtor-3.4.5-sources.jar31.Download jodd-vtor-3.4.5.jar32.Download jodd-bean-3.4.4-sources.jar33.Download jodd-bean-3.4.4.jar34.Download jodd-bean-3.4.5-sources.jar35.Download jodd-bean-3.4.5.jar36.Download jodd-wot-3.2.5-sources.jar37.Download jodd-wot-3.2.5.jar38.Download jodd-mail-3.4.0-sources.jar39.Download jodd-mail-3.4.0.jar40.Download jodd-mail-3.4.1-sources.jar41.Download jodd-mail-3.4.1.jar42.Download jodd-mail-3.4.2-sources.jar43.Download jodd-mail-3.4.2.jar44.Download jodd-mail-3.4.3-sources.jar45.Download jodd-mail-3.4.3.jar46.Download jodd-mail-3.4.4-sources.jar47.Download jodd-mail-3.4.4.jar48.Download jodd-mail-3.4.5-sources.jar49.Download jodd-mail-3.4.5.jar50.Download jodd-servlet-3.4.3-sources.jar51.Download jodd-servlet-3.4.3.jar52.Download jodd-servlet-3.4.4-sources.jar53.Download jodd-servlet-3.4.4.jar54.Download jodd-servlet-3.4.5-sources.jar55.Download jodd-servlet-3.4.5.jar56.Download jodd-core-3.4.2-sources.jar57.Download jodd-core-3.4.2.jar58.Download jodd-core-3.4.3-sources.jar59.Download jodd-core-3.4.3.jar60.Download jodd-core-3.4.4-sources.jar61.Download jodd-core-3.4.4.jar62.Download jodd-core-3.4.5-sources.jar63.Download jodd-core-3.4.5.jar64.Download jodd-swingspy-3.4.3-sources.jar65.Download jodd-swingspy-3.4.3.jar66.Download jodd-swingspy-3.4.4-sources.jar67.Download jodd-swingspy-3.4.4.jar68.Download jodd-swingspy-3.4.5-sources.jar69.Download jodd-swingspy-3.4.5.jar70.Download jodd-upload-3.4.3-sources.jar71.Download jodd-upload-3.4.3.jar72.Download jodd-upload-3.4.4-sources.jar73.Download jodd-upload-3.4.4.jar74.Download jodd-upload-3.4.5-sources.jar75.Download jodd-upload-3.4.5.jar76.Download jodd-props-3.4.3-sources.jar77.Download jodd-props-3.4.3.jar78.Download jodd-props-3.4.4-sources.jar79.Download jodd-props-3.4.4.jar80.Download jodd-props-3.4.5-sources.jar81.Download jodd-props-3.4.5.jar82.Download jodd-3.2-sources.jar83.Download jodd-3.2.6.jar84.Download jodd-3.2.7.jar85.Download jodd-3.2.jar86.Download jodd-3.3-sources.jar87.Download jodd-3.3.1-sources.jar88.Download jodd-3.3.1.jar89.Download jodd-3.3.2-sources.jar90.Download jodd-3.3.2.jar91.Download jodd-3.3.3-sources.jar92.Download jodd-3.3.3.jar93.Download jodd-3.3.4-sources.jar94.Download jodd-3.3.4.jar95.Download jodd-3.3.7-sources.jar96.Download jodd-3.3.7.jar97.Download jodd-3.3.8-sources.jar98.Download jodd-3.3.8.jar99.Download jodd-3.3.jar100.Download jodd-core-3.4.0-sources.jar101.Download jodd-core-3.4.0.jar102.Download jodd-core-3.4.1-sources.jar103.Download jodd-core-3.4.1.jar104.Download jodd-db-3.4.0-sources.jar105.Download jodd-db-3.4.0.jar106.Download jodd-db-3.4.1-sources.jar107.Download jodd-db-3.4.1.jar108.Download jodd-db-3.4.2-sources.jar109.Download jodd-db-3.4.2.jar110.Download jodd-joy-3.4.0-sources.jar111.Download jodd-joy-3.4.0.jar112.Download jodd-joy-3.4.1-sources.jar113.Download jodd-joy-3.4.1.jar114.Download jodd-joy-3.4.2-sources.jar115.Download jodd-joy-3.4.2.jar116.Download jodd-jtx-3.4.0-sources.jar117.Download jodd-jtx-3.4.0.jar118.Download jodd-jtx-3.4.1-sources.jar119.Download jodd-jtx-3.4.1.jar120.Download jodd-jtx-3.4.2-sources.jar121.Download jodd-jtx-3.4.2.jar122.Download jodd-lagarto-3.4.0-sources.jar123.Download jodd-lagarto-3.4.0.jar124.Download jodd-lagarto-3.4.1-sources.jar125.Download jodd-lagarto-3.4.1.jar126.Download jodd-lagarto-3.4.2-sources.jar127.Download jodd-lagarto-3.4.2.jar128.Download jodd-lagarto-web-3.4.0-sources.jar129.Download jodd-lagarto-web-3.4.0.jar130.Download jodd-lagarto-web-3.4.1-sources.jar131.Download jodd-lagarto-web-3.4.1.jar132.Download jodd-lagarto-web-3.4.2-sources.jar133.Download jodd-lagarto-web-3.4.2.jar134.Download jodd-madvoc-3.4.0-sources.jar135.Download jodd-madvoc-3.4.0.jar136.Download jodd-madvoc-3.4.1-sources.jar137.Download jodd-madvoc-3.4.1.jar138.Download jodd-madvoc-3.4.2-sources.jar139.Download jodd-madvoc-3.4.2.jar140.Download jodd-petite-3.4.0-sources.jar141.Download jodd-petite-3.4.0.jar142.Download jodd-petite-3.4.1-sources.jar143.Download jodd-petite-3.4.1.jar144.Download jodd-petite-3.4.2-sources.jar145.Download jodd-petite-3.4.2.jar146.Download jodd-proxetta-3.4.0-sources.jar147.Download jodd-proxetta-3.4.0.jar148.Download jodd-proxetta-3.4.1-sources.jar149.Download jodd-proxetta-3.4.1.jar150.Download jodd-proxetta-3.4.2-sources.jar151.Download jodd-proxetta-3.4.2.jar152.Download jodd-servlet-3.4.0-sources.jar153.Download jodd-servlet-3.4.0.jar154.Download jodd-servlet-3.4.1-sources.jar155.Download jodd-servlet-3.4.1.jar156.Download jodd-servlet-3.4.2-sources.jar157.Download jodd-servlet-3.4.2.jar158.Download jodd-swingspy-3.4.0-sources.jar159.Download jodd-swingspy-3.4.0.jar160.Download jodd-swingspy-3.4.1-sources.jar161.Download jodd-swingspy-3.4.1.jar162.Download jodd-swingspy-3.4.2-sources.jar163.Download jodd-swingspy-3.4.2.jar164.Download jodd-upload-3.4.0-sources.jar165.Download jodd-upload-3.4.0.jar166.Download jodd-upload-3.4.1-sources.jar167.Download jodd-upload-3.4.1.jar168.Download jodd-upload-3.4.2-sources.jar169.Download jodd-upload-3.4.2.jar170.Download jodd-vtor-3.4.0-sources.jar171.Download jodd-vtor-3.4.0.jar172.Download jodd-vtor-3.4.1-sources.jar173.Download jodd-vtor-3.4.1.jar174.Download jodd-vtor-3.4.2-sources.jar175.Download jodd-vtor-3.4.2.jar176.Download jodd-wot-3.2-sources.jar177.Download jodd-wot-3.2.6-sources.jar178.Download jodd-wot-3.2.6.jar179.Download jodd-wot-3.2.7-sources.jar180.Download jodd-wot-3.2.7.jar181.Download jodd-wot-3.2.jar182.Download jodd-wot-3.3-sources.jar183.Download jodd-wot-3.3.1-sources.jar184.Download jodd-wot-3.3.1.jar185.Download jodd-wot-3.3.2-sources.jar186.Download jodd-wot-3.3.2.jar187.Download jodd-wot-3.3.3-sources.jar188.Download jodd-wot-3.3.3.jar189.Download jodd-wot-3.3.4-sources.jar190.Download jodd-wot-3.3.4.jar191.Download jodd-wot-3.3.7-sources.jar192.Download jodd-wot-3.3.7.jar193.Download jodd-wot-3.3.8-sources.jar194.Download jodd-wot-3.3.8.jar195.Download jodd-wot-3.3.jar196.Download jodd-madvoc-3.4.3-sources.jar197.Download jodd-madvoc-3.4.3.jar198.Download jodd-madvoc-3.4.4-sources.jar199.Download jodd-madvoc-3.4.4.jar200.Download jodd-madvoc-3.4.5-sources.jar201.Download jodd-madvoc-3.4.5.jar202.Download jodd-wot-3.1.0-sources.jar203.Download jodd-wot-3.1.0.jar204.Download jodd-wot-3.1.1-sources.jar205.Download jodd-wot-3.1.1.jar206.Download jodd-props-3.4.0-sources.jar207.Download jodd-props-3.4.0.jar208.Download jodd-props-3.4.1-sources.jar209.Download jodd-props-3.4.1.jar210.Download jodd-props-3.4.2-sources.jar211.Download jodd-props-3.4.2.jar212.Download jodd-3.1.0-sources.jar213.Download jodd-3.1.0.jar214.Download jodd-3.1.1-sources.jar215.Download jodd-3.1.1.jar216.Download jodd-3.2.5-sources.jar217.Download jodd-3.2.5.jar218.Download jodd-3.2.6-sources.jar219.Download jodd-3.2.7-sources.jar220.Download jodd-joy-3.4.4-sources.jar221.Download jodd-joy-3.4.4.jar222.Download jodd-joy-3.4.5-sources.jar223.Download jodd-joy-3.4.5.jar224.Download jodd-jtx-3.4.3-sources.jar225.Download jodd-jtx-3.4.3.jar226.Download jodd-jtx-3.4.4-sources.jar227.Download jodd-jtx-3.4.4.jar228.Download jodd-jtx-3.4.5-sources.jar229.Download jodd-jtx-3.4.5.jar230.Download jodd-db-3.4.3-sources.jar231.Download jodd-db-3.4.3.jar232.Download jodd-db-3.4.4-sources.jar233.Download jodd-db-3.4.4.jar234.Download jodd-db-3.4.5-sources.jar235.Download jodd-db-3.4.5.jar236.Download jodd-bean-3.4.1-sources.jar237.Download jodd-bean-3.4.1.jar238.Download jodd-bean-3.4.0-sources.jar239.Download jodd-bean-3.4.0.jar240.Download jodd-bean-3.4.2-sources.jar241.Download jodd-bean-3.4.2.jar242.Download jodd-bean-3.4.3-sources.jar243.Download jodd-bean-3.4.3.jar
2025-03-31