by danielheath
2310 days ago
There have been vulnerabilities in Java and Rails caused by deserializing arbitrary classes with given constructor parameters. An attacker just has to find one that (e.g.) accepts a URL and a filepath in its constructor and saves the file to that location, and you've (usually) got code execution (e.g. by overwriting something that gets run frequently).
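A defensive counterpart to the comment above, as an added example that is not part of the original thread: Ruby's `YAML.safe_load` refuses any document that names a class to build unless that class is on an explicit allowlist. `ReportJob`, `load_untrusted` and the sample documents are constructed for illustration.

```ruby
require "yaml"

# Hypothetical application class, standing in for "any class on the load path".
class ReportJob
  attr_reader :source, :destination
end

# Inert value types only; nothing here has behaviour worth hijacking.
PERMITTED = [Symbol].freeze

# Parse untrusted YAML without letting the document pick the class to build.
# Returns [:ok, data] or [:rejected, reason].
def load_untrusted(text, permitted: PERMITTED)
  [:ok, YAML.safe_load(text, permitted_classes: permitted, aliases: false)]
rescue Psych::DisallowedClass => e
  # The document carried a type tag that is not on the allowlist.
  [:rejected, e.message]
rescue Psych::BadAlias, Psych::SyntaxError => e
  # Aliases are off (they enable object-graph tricks); malformed input also fails closed.
  [:rejected, e.message]
end

# Constructed sample inputs.
PLAIN   = "name: weekly\nmode: :fast\n"
TAGGED  = "--- !ruby/object:ReportJob\nsource: placeholder\ndestination: placeholder\n"
ALIASED = "a: &x 1\nb: *x\n"

if __FILE__ == $PROGRAM_NAME
  p load_untrusted(PLAIN)    # plain data passes
  p load_untrusted(TAGGED)   # class tag is refused
  p load_untrusted(ALIASED)  # alias is refused
  # Allowlisting the class hands its fields to the document author.
  p load_untrusted(TAGGED, permitted: [ReportJob])
end
```

The last call shows why the allowlist should hold only plain value types: once a class is permitted, the sender of the document decides what its fields contain.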