Validation Bypass #10
Comments
Please, could you share it here?
I was looking at issue #6, and it seems like we can still bypass the provided fix. In the line where it's checking if the constructors match, it's still possible to just set the constructor of the data we're trying to get validated to mock whatever it's supposed to be. Here's a Proof of Concept:
manvel-khnkoyan pushed a commit that referenced this issue Aug 8, 2020
The issue was fixed #10
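The weakness described in this thread is a type check that compares the data's `constructor` property with the expected type. The following is an added example, not the proof of concept from the thread and not the project's code, showing such a check beside a stricter one; the function names, schema and sample data are hypothetical and constructed for illustration.

```javascript
// Added illustration: all names here are hypothetical, not the project's API.

// Weak check: trusts `constructor`, a property the data itself can define.
function weakIsType(value, Type) {
  return value !== null && value !== undefined && value.constructor === Type;
}

// Stricter check: derives the type from facts the data cannot override.
function strictIsType(value, Type) {
  switch (Type) {
    case String:  return typeof value === 'string';
    case Number:  return typeof value === 'number' && !Number.isNaN(value);
    case Boolean: return typeof value === 'boolean';
    case Array:   return Array.isArray(value);
    case Object: {
      if (value === null || typeof value !== 'object') return false;
      const proto = Object.getPrototypeOf(value);
      // Accept only plain objects (literal or null-prototype).
      return proto === Object.prototype || proto === null;
    }
    default:
      return false; // unknown expected type: fail closed
  }
}

// Minimal schema validator parameterised by the type check in use.
function validate(schema, data, isType) {
  return Object.keys(schema).every((key) => isType(data[key], schema[key]));
}

// Constructed sample schema and inputs.
const schema = { name: String, age: Number };
const honest = { name: 'alice', age: 30 };
// `name` is an object that only claims to be a String via its own property.
const spoofed = { name: { constructor: String, nested: true }, age: 30 };

function runDemo() {
  return {
    honestWeak: validate(schema, honest, weakIsType),
    honestStrict: validate(schema, honest, strictIsType),
    spoofedWeak: validate(schema, spoofed, weakIsType),     // passes the weak check
    spoofedStrict: validate(schema, spoofed, strictIsType), // rejected
  };
}

console.log(runDemo());
```
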
Hello,
I'm a security researcher at Sonatype, and I discovered a potential vulnerability in this project. Do you have a preferred way for me to share the details privately, or do you want me to just show you what I've got on this GitHub issue?