https://bz.apache.org/bugzilla/show_bug.cgi?id=65736
Bug ID: 65736
Summary: Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection
Product: Tomcat 9
Version: 9.0.55
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: zhouyanm...@gmail.com
Target Milestone: -----

I can reproduce that vulnerability which leverages "org.apache.naming.factory.BeanFactory" and "javax.el.ELProcessor" described in
https://www.veracode.com/blog/research/exploiting-jndi-injections-java

It would be great if Tomcat can do something to mitigate it.