• Home
• io.codemodder
• core-codemods
• 0.95.0
• source code
• report.json

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.HardenXStreamCodemod.report.json Maven / Gradle / Ivy

{
  "summary" : "Hardened XStream with a converter to prevent exploitation",
  "change": "Added an XStream [Converter](https://x-stream.github.io/converter-tutorial.html) which prevents common exploits",
  "reviewGuidanceIJustification" : "We believe this change is safe and effective. The behavior of hardened XStream instances will only be different if the types being deserialized are involved in code execution, which is extremely unlikely to in normal operation.",
  "references" : [
    "https://x-stream.github.io/security.html",
    "http://diniscruz.blogspot.com/2013/12/xstream-remote-code-execution-exploit.html",
    "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
    "https://x-stream.github.io/CVE-2013-7285.html"
  ]
}