Risky Deserialization Calls - benryanconversion ( Office Connector Plugin)

The benryanconversion plugin contains a code path that eventually ends up with a partially user-controlled filename being treated as the input for a call to readObject see FileBackedCache.loadFile. To trigger this, an attacker would need to call the following, with a payload in the sheetName...

[9.0] Fix Risky deserialization calls

h3. Issue Summary fix This is reproducible on Data Center: Yes h3. Steps to Reproduce Cannot be reproduced h3. Expected Results Where possible, restrict the set of classes that can be deserialized. OWASP’s recommendation for readObject calls is to subclass the ObjectInputStream class, and overrid...