All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.codemodder.codemods.HardenXStreamCodemod.report.json Maven / Gradle / Ivy

The newest version!
{
  "summary" : "Hardened XStream with a converter to prevent exploitation",
  "change": "Added an XStream [Converter](https://x-stream.github.io/converter-tutorial.html) which prevents common exploits",
  "reviewGuidanceIJustification" : "We believe this change is safe and effective. The behavior of hardened XStream instances will only be different if the types being deserialized are involved in code execution, which is extremely unlikely to in normal operation.",
  "references" : [
    "https://x-stream.github.io/security.html",
    "http://diniscruz.blogspot.com/2013/12/xstream-remote-code-execution-exploit.html",
    "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
    "https://x-stream.github.io/CVE-2013-7285.html"
  ]
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy