ghost opened a new issue #46: URL: https://github.com/apache/dubbo-hessian-lite/issues/46
Apache Dubbo默认使用Hessian2作为序列化/反序列化协议。 当使用Hessian2反序列化HashMap对象时,一些存储在HashMap中的函数将被执行。 攻击者可通过构造特定的序列实现任意远程命令执行。 受影响版本为Dubbo 2.7.0至2.7.7;Dubbo 2.6.0至2.6.8;Dubbo 2.5.x。 问下2.7.8版本中有没有修复此漏洞了? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
