Isn't CVE-2023-24163 going to be addressed? #3149
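As the original text already says, Hutool is only a facade wrapping expression engines; the actual vulnerability comes from aviator or any third-party expression library. As a facade, it cannot fix this.
PS: 6.0.0 has already removed ExpressUtil entirely.
So is there some other replacement, or will expression evaluation with ExpressionUtil no longer be supported from now on?
@reixuemin Many expression evaluation libraries have no protection against injection at all, so after the removal there is no replacement. If you need it, consider using the native expression library directly.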
Reference: murphysecurity/murphysec-jetbrains-plugin#15