olivier1664
3208 days ago
To sum up your link, the vulnerability is the use of an unsafe deserialization similar to:
    ObjectInputStream ois = new ObjectInputStream(input);
    MyObject obj = (MyObject) ois.readObject();
https://lgtm.com/blog/finding_unsafe_deserialization_with_ql
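The pattern in the comment above, shown beside one hardened form, as an added example that is not from the comment or the linked post. `MyObject`, `AllowlistObjectInputStream`, `unsafeDeserialize` and `safeDeserialize` are hypothetical names chosen here; the `ArrayList` payload stands in for an attacker-chosen class (it is harmless, but it shows that the unsafe version fully reconstructs whatever the stream names before the cast is ever checked):

```java
import java.io.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;

public class DeserializationDemo {

    // Hypothetical type the consumer legitimately expects to receive.
    public static final class MyObject implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        MyObject(String name) { this.name = name; }
    }

    // The vulnerable pattern: the class named in the stream is instantiated
    // (and its readObject/readResolve hooks run) before the cast is checked.
    static MyObject unsafeDeserialize(byte[] input) throws IOException, ClassNotFoundException {
        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(input));
        return (MyObject) ois.readObject();
    }

    // Hardened form: resolve only classes on an explicit allowlist. Overriding
    // resolveClass works on any Java version; on Java 9+ (or 8u121+) the
    // built-in ObjectInputFilter does the same job.
    static final class AllowlistObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        AllowlistObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                // Reject before the class is loaded or any instance is created.
                throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    static MyObject safeDeserialize(byte[] input) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new AllowlistObjectInputStream(
                new ByteArrayInputStream(input),
                Collections.singleton(MyObject.class.getName()))) {
            return (MyObject) ois.readObject();
        }
    }

    // Helper to build test streams in-process (constructed input, not a real payload).
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new MyObject("ok"));
        System.out.println("unsafe, expected type: " + unsafeDeserialize(expected).name);
        System.out.println("safe,   expected type: " + safeDeserialize(expected).name);

        // A stream naming a different class: a stand-in for an attacker-chosen gadget.
        byte[] other = serialize(new ArrayList<>(Arrays.asList("x")));
        try {
            unsafeDeserialize(other);
        } catch (ClassCastException e) {
            System.out.println("unsafe: object was fully constructed before the cast failed");
        }
        try {
            safeDeserialize(other);
        } catch (InvalidClassException e) {
            System.out.println("safe: rejected in resolveClass for " + e.classname);
        }
    }
}
```

The point of the allowlist is that the check happens on the class descriptor, before any constructor, `readObject` or `readResolve` of the named class can run; a denylist of known gadget classes does not give that guarantee, because any class reachable from the classpath can become a link in a chain. On Java 9+ the equivalent check is `ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter("DeserializationDemo$MyObject;!*"))`, which also lets you cap stream depth and array sizes.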