We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
漏洞描述 Apache UIMA 是一个用于分析非结构化内容(比如文本、视频和音频)的组件架构和软件框架实现。 由于Apache UIMA Java SDK在反序列化Java对象时没有验证数据,当应用程序中使用了Vinci 或 CasIOUtils时,攻击者可以通过发送恶意的 CAS 序列化对象执行恶意操作,导致任意代码执行。 ObjectInputFilter读取java序列化数据会严格过滤,可以通过设置全局或上下文特定的ObjectInputFilter来避免这个漏洞产生
参考链接
The text was updated successfully, but these errors were encountered:
No branches or pull requests
漏洞描述
Apache UIMA 是一个用于分析非结构化内容(比如文本、视频和音频)的组件架构和软件框架实现。
由于Apache UIMA Java SDK在反序列化Java对象时没有验证数据,当应用程序中使用了Vinci 或 CasIOUtils时,攻击者可以通过发送恶意的 CAS 序列化对象执行恶意操作,导致任意代码执行。
ObjectInputFilter读取java序列化数据会严格过滤,可以通过设置全局或上下文特定的ObjectInputFilter来避免这个漏洞产生
参考链接
The text was updated successfully, but these errors were encountered: