Y
Hacker News
new
|
ask
|
show
|
jobs
by
bzzzt
1653 days ago
Newer Java versions disable deserialization of remote classes via LDAP. You're still vulnerable to deserialization of existing classes, but to exploit that there have to be exploitable classes on the classpath already.