https://github.com/alipay/sofa-hessian/issues/7 that sofa-hessian prevents deserialization by maintaining blacklists. However, the blacklist does not add com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString, and there are cases where it continues to be utilized. Take the following PoC as an example: https://mp.weixin.qq.com/s/vW6IgaA_Imc7-_Bac9XNQg
OK, we will add it later. If you need to fix this security issue now, you can follow this issue #27.
Thanks for your contribution~