![]() #2420: Block one more gadget type (cxf-jax-rs).#2109: Canonical string for reference type is built incorrectly.#2058: CVE-2018-12023: Block polymorphic deserialization of types from Oracle JDBC driver.#2052: CVE-2018-12022: Block polymorphic deserialization of types from Jodd-db library.#2032: CVE-2018-11307: Potential information exfiltration with default typing, serialization gadget from MyBatis.#1941: nstructFromCanonical() throws NPE for Unparameterized generic canonical strings.#1931: Two more c3p0 gadgets to exploit default typing issue. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |