New SSRF JDK Gadgets in XStream 1.4.17

37 views

Skip to first unread message

中段

unread,

Jun 4, 2021, 4:38:45 AM6/4/21

to XStream User

Hello,

I found a new SSRF gadget which bypassed the newest default blacklist, and want to report this issue to XStream. How can i report this issue's detail?

Jörg Schaible

unread,

Jun 7, 2021, 5:54:16 PM6/7/21

to XStream User

Hi,

You have been invited to XStream's Security list. Please report details there.

Regards,
Jörg

Reply all

Reply to author

Forward

0 new messages