27 matches found
New in Spring 6.1: RestClient
Spring Framework 6.1 M2 introduces the RestClient, a new synchronous HTTP client. As the name suggests, RestClient offers the fluent API of WebClient with the infrastructure of RestTemplate. Fourteen years ago, when RestTemplate was introduced in Spring Framework 3.0, we quickly discovered that...
Jettison 缓冲区错误漏洞
Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX. Jettison 3.3 and earlier versions of a security vulnerability , the vulnerability stems from allowing an attacker to cause a denial of service...
The vulnerability of the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary code. This vulnerability stems from deficiencies in the deserialization mechanism, enabling attackers to execute unauthorized code.
The vulnerability of the XStream library for converting objects to XML or JSON format is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows for unlimited loading of dangerous types of files, enabling attackers to load and execute arbitrary code.
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code by manipulating the...
GHSA-484F-743F-6JX2 Object injection in cookie driver in phpfastcache
Impact An possible object injection has been discovered in cookie driver prior 5.0.13 versions of 5.x releases. Patches The issue has been addressed by enforcing JSON conversion when deserializing Workarounds If you can't fix it, use another driver such as "Files" Filesystem References Fixing...
Object injection in cookie driver in phpfastcache
Impact An possible object injection has been discovered in cookie driver prior 5.0.13 versions of 5.x releases. Patches The issue has been addressed by enforcing JSON conversion when deserializing Workarounds If you can't fix it, use another driver such as "Files" Filesystem References Fixing...
odle: piping security data
I recently published odle which is a Ruby gem and binary that takes XML data from various security tools and outputs their JSON equivalent. The goal is to be 1 simple, 2 fast, and 3 work on many platforms with only one dependency - nokogiri. Below are two examples using odle to convert output fro...