Friday the 13th JSON Attacks #108
Comments
I found a warning in README.md:
What can I do about this issue?
Parsing this JSON may automatically run the calculator app:
At the moment, just make sure your JSON is from a trusted source when using the
But I am still facing a security issue with this. I use the JSON library on the server side, and I cannot ask my client not to send a message without $type, or reject it. On the other side, I must use the $type property for the polymorphic JSON serializer (that is a reason I chose the library). I think we should add a solution for these soon.
Check out
Thank you kindly for supporting me.
I found the documents from HPE Software Security Research that talk about a security issue with the deserialization method. Here is the whole copied paragraph (from page 5 of the file).
Link to the full document: HERE
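
The trade-off raised in this thread, as an added example that is not from the issue or from the library: a server can keep a `$type` discriminator for polymorphism and still accept untrusted input if `$type` is looked up in an explicit allowlist rather than resolved as an arbitrary type name. The class names, the `Shapes.*` discriminator strings and `load_shape` are hypothetical, and the sample payloads are constructed.

```python
import json
from dataclasses import dataclass, fields

@dataclass
class Circle:
    radius: float

@dataclass
class Rectangle:
    width: float
    height: float

# Explicit allowlist: discriminator string -> class the server agrees to build.
# Anything not listed is rejected; no type name is ever resolved dynamically.
ALLOWED_TYPES = {"Shapes.Circle": Circle, "Shapes.Rectangle": Rectangle}

class UnsafeTypeError(ValueError):
    """Raised when a payload names a type outside the allowlist or is malformed."""

def load_shape(text: str):
    """Deserialize one polymorphic object from untrusted JSON text."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise UnsafeTypeError("expected a JSON object")
    type_name = data.pop("$type", None)
    if not isinstance(type_name, str):
        raise UnsafeTypeError("missing or non-string $type")
    cls = ALLOWED_TYPES.get(type_name)
    if cls is None:
        raise UnsafeTypeError(f"type not allowed: {type_name!r}")
    # Only the fields declared on the chosen class may be present.
    if set(data) != {f.name for f in fields(cls)}:
        raise UnsafeTypeError(f"unexpected fields for {type_name}: {sorted(data)}")
    for name, value in data.items():
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise UnsafeTypeError(f"field {name!r} must be a number")
    return cls(**data)

# Constructed sample payloads (not taken from the issue thread).
GOOD = '{"$type": "Shapes.Circle", "radius": 2.5}'
BAD = '{"$type": "Example.UnlistedType", "path": "x"}'

if __name__ == "__main__":
    print(load_shape(GOOD))
    try:
        load_shape(BAD)
    except UnsafeTypeError as exc:
        print("rejected:", exc)
```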