You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because of the implement of Hessian, by constructing a specific serialization stream, it may cause arbitrary code execution when doing deserialization. It is recommended that users configure blacklist or whitelist to solve the problem.
The blacklist built into the project comes from internal practices and external contributions, and is for reference only and is not actively updated. For more rigorous verification, please use the whitelist feature.
The text was updated successfully, but these errors were encountered:
Hessian 是一种二进制序列化协议。
由于 Hessian 自身实现关系,通过构造特定的序列化流,经过反序列化后可能会造成任意代码执行,存在安全风险,建议用户配置黑名单或白名单的方式来解决该问题。
本项目内置的黑名单来自内部实践和外部贡献,仅供参考,不做主动更新。如需要更严格的校验,请使用白名单功能。
Hessian is a binary serialization protocol.
Because of the implement of Hessian, by constructing a specific serialization stream, it may cause arbitrary code execution when doing deserialization. It is recommended that users configure blacklist or whitelist to solve the problem.
The blacklist built into the project comes from internal practices and external contributions, and is for reference only and is not actively updated. For more rigorous verification, please use the whitelist feature.
The text was updated successfully, but these errors were encountered: