Spring Framework insecurely handles PropertyDescriptor objects with data binding

Discussion in 'other security issues & news' started by ronjor, Apr 1, 2022.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    179,130
    Location:
    Texas
    ronjor, Apr 1, 2022
    #1
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,243
    Location:
    Member state of European Union
    Dangerous stuff
    https://www.praetorian.com/blog/spring-core-jdk9-rce/
     
    reasonablePrivacy, Apr 1, 2022
    #2
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    179,130
    Location:
    Texas
    ronjor, Apr 2, 2022
    #3
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...