Hacker News
by staticassertion 1436 days ago
Yes, this can pop up in any library. But only because developers aren't taught "don't put remote code execution into your code". You'd think that would be something that someone would teach, but it doesn't really come up. Remember that log4j was vulnerable because of a feature - it all worked as designed.