• Home
• io.codemodder
• core-codemods
• 0.93.0
• source code
• report.json

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.DisableAutomaticDirContextDeserializationCodemod.report.json Maven / Gradle / Ivy

{
  "summary" : "Hardened LDAP call against deserialization attacks",
  "change" : "Made the `retobj` field true so LDAP API responses won't be deserialized",
  "reviewGuidanceIJustification" : "The protection works by denying deserialization during processing of an LDAP query which we're confident is intentional in a vanishingly small percentage of usage.",
  "references" : ["https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf", "https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html"]
}