CVE-2018-12023: Block polymorphic deserialization of types from Oracle JDBC driver #2058
There is a potential remote code execution (RCE) vulnerability, if user is
(note: steps 1 and 2 are common steps as explained in https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062)
To solve the issue, two types from the JDBC driver are blacklisted to avoid their use as "serialization gadgets".
Original vulnerability discoverer:
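The following is an added example, not code from this PR or from jackson-databind itself, showing the pattern the blacklist protects against and the stronger mitigation a deployment should prefer. With Default Typing enabled, the JSON sender names the concrete class to instantiate, so any gadget class on the classpath that is not on the blacklist is fair game; restricting type ids to an explicit allow-list via a `PolymorphicTypeValidator` closes the hole regardless of which gadget is discovered next. The example assumes jackson-databind 2.10 or later (for `BasicPolymorphicTypeValidator` and `activateDefaultTyping`); the `Envelope` and `Note` classes and the JSON inputs are constructed for illustration, and `java.util.HashMap` merely stands in for a gadget class.

```java
import java.io.IOException;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingDemo {

    // Constructed bean with an Object-typed property: this is the shape Default Typing
    // acts on. Declared final so Default Typing (NON_FINAL) does not also wrap the root.
    public static final class Envelope {
        public Object payload;
    }

    // Constructed, harmless application type that we genuinely want to accept.
    public static class Note {
        public String text;
    }

    // Constructed attacker-controlled input. With Default Typing (WRAPPER_ARRAY style)
    // the first array element is a fully qualified class name chosen by the sender.
    // java.util.HashMap stands in for a gadget class; a real payload names a gadget.
    static final String HOSTILE_JSON =
        "{\"payload\":[\"java.util.HashMap\",{\"k\":\"v\"}]}";

    // Constructed legitimate input naming the one type the application expects.
    static final String LEGIT_JSON =
        "{\"payload\":[\"DefaultTypingDemo$Note\",{\"text\":\"hi\"}]}";

    // Vulnerable configuration (pre-2.10 style): global Default Typing with no
    // validator. Any class on the classpath may be named, and only a blacklist
    // such as the one this PR extends stands between the sender and a gadget.
    @SuppressWarnings("deprecation")
    static ObjectMapper vulnerableMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Hardened configuration: Default Typing is only honoured for an explicit
    // allow-list of subtypes. Any other type id is rejected before instantiation,
    // so newly discovered gadget classes do not matter.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType(Note.class)
            .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Attempts deserialization and reports whether the named type was instantiated
    // or rejected by the validator.
    static String tryRead(ObjectMapper mapper, String json) {
        try {
            Envelope e = mapper.readValue(json, Envelope.class);
            return "instantiated " + e.payload.getClass().getName();
        } catch (InvalidTypeIdException ex) {
            return "rejected type id: " + ex.getTypeId();
        } catch (IOException ex) {
            return "parse error: " + ex.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("vulnerable/hostile: " + tryRead(vulnerableMapper(), HOSTILE_JSON));
        System.out.println("hardened/hostile:   " + tryRead(hardenedMapper(), HOSTILE_JSON));
        System.out.println("hardened/legit:     " + tryRead(hardenedMapper(), LEGIT_JSON));
    }
}
```

The vulnerable mapper instantiates whatever class the sender names, which is why each new gadget class needs a blacklist entry like the ones added here; the hardened mapper throws `InvalidTypeIdException` for the hostile input and still accepts the expected `Note`. Where polymorphism is not needed at all, leaving Default Typing disabled is the simplest fix of all.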