io.codemodder.codemods.HardenXStreamCodemod.report.json Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of core-codemods Show documentation
Show all versions of core-codemods Show documentation
Codemods for fixing common errors across many Java projects
The newest version!
{
"summary" : "Hardened XStream with a converter to prevent exploitation",
"change": "Added an XStream [Converter](https://x-stream.github.io/converter-tutorial.html) which prevents common exploits",
"reviewGuidanceIJustification" : "We believe this change is safe and effective. The behavior of hardened XStream instances will only be different if the types being deserialized are involved in code execution, which is extremely unlikely to in normal operation.",
"references" : [
"https://x-stream.github.io/security.html",
"http://diniscruz.blogspot.com/2013/12/xstream-remote-code-execution-exploit.html",
"https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
"https://x-stream.github.io/CVE-2013-7285.html"
]
}