We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
漏洞描述 Apache Camel 是开源的系统间数据交互集成框架。 在受影响版本中,由于对JDBCAggregationRepository中exchange的实现存在未限制的反序列化逻辑,当攻击者可控制数据库中exchange字段值时,可以反序列化任意类,造成任意代码执行。 在修复版本中,通过校验逻辑限制其仅允许反序列化java及camel自身类。
参考链接
The text was updated successfully, but these errors were encountered:
No branches or pull requests
漏洞描述
Apache Camel 是开源的系统间数据交互集成框架。
在受影响版本中,由于对JDBCAggregationRepository中exchange的实现存在未限制的反序列化逻辑,当攻击者可控制数据库中exchange字段值时,可以反序列化任意类,造成任意代码执行。
在修复版本中,通过校验逻辑限制其仅允许反序列化java及camel自身类。
参考链接
The text was updated successfully, but these errors were encountered: