现在我也不知道这频道发了啥了，各位慢慢吃瓜，将就着看联系我请去 @abc1763613206友链儿@cyberElaina@rvalue_daily@billchenlahttps://channel.0w0.besthttps://channel.0w0.best/posts/4958https://channel.0w0.best/posts/4958Fri, 09 Jun 2023 11:52:44 GMT自称 <mark>HiCA</mark> （及其关联产品 Quantum CA）创始人的 GitHub 用户 xiaohuilam (Bruce Lam) 回应称，利用此漏洞的意图是使一般的 CA 签发过程能整合进 ACME.sh，并且 <mark>HiCA</mark> 从未利用此漏洞执行恶意代码。Bruce 也提到其已经关闭 <mark>HiCA</mark> 项目直到调查结束。<br /><br /><a href="https://github.com/acmesh-official/acme.sh/issues/4659#issuecomment-1584414218" target="_blank">https://github.com/acmesh-official/acme.sh/issues/4659#issuecomment-1584414218</a><br /><br />thread: <a href="https://t.me/outvivid/4231" target="_blank">/4231</a><br /><br /><a href="/search/%23HiCA">#HiCA</a><a href="https://github.com/acmesh-official/acme.sh/issues/4659" target="_blank"> <div>GitHub</div> <div>acme.sh runs arbitrary commands from a remote server · Issue #4659 · acmesh-official/acme.sh</div> <div>Hello, You may already be aware of this, but <mark>HiCA</mark> is injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine. I am not sure if thi...</div> </a>