
Arbitrary code may be executed in readObject.

Open 75ACOL opened this issue 1 year ago • 0 comments

`boofcv.io.UtilIO.load`

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.net.URL;

public static <T> T load( String fileName ) {
    // fileName is resolved to a URL (file, classpath, remote, ...) with no restriction
    @Nullable URL url = UtilIO.ensureURL(fileName);
    if (url == null)
        throw new RuntimeException("Unknown path=" + fileName);
    try (InputStream fileIn = url.openStream()) {
        // Unfiltered ObjectInputStream: readObject() deserializes whatever class the
        // stream names, so attacker-controlled bytes reach readObject/readResolve gadgets
        ObjectInputStream in = new ObjectInputStream(fileIn);
        return (T)in.readObject();
    } catch (IOException | ClassNotFoundException e) {
        throw new RuntimeException(e);
    }
}
```

https://snyk.io/blog/serialization-and-deserialization-in-java/

75ACOL · Aug 23 '23 06:08
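The pattern reported above, unfiltered `ObjectInputStream.readObject()` on a caller-supplied path, beside a hardened variant, as an added example that is not part of the issue or of BoofCV's code. The fix shown is the standard one for this class of bug: a JDK `ObjectInputFilter` (Java 9+, JEP 290) that allow-lists the classes the caller actually expects and caps depth and array sizes, so an unexpected class is rejected before it is even loaded. `Settings`, `loadUnfiltered`, `loadFiltered` and the `java.util.HashMap` stand-in for an unexpected class are constructed for the example and are not BoofCV identifiers.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Set;

public class DeserializationFilterExample {

    // Constructed example type: the only object we intend to read back from a file.
    public static final class Settings implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String name;
        public Settings(String name) { this.name = name; }
    }

    // Mirrors the vulnerable pattern from the issue: no filter, so any class on the
    // classpath with a readObject/readResolve gadget chain can execute during readObject().
    @SuppressWarnings("unchecked")
    public static <T> T loadUnfiltered(InputStream fileIn)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(fileIn)) {
            return (T) in.readObject();
        }
    }

    // Hardened variant: the caller states which class it expects, and a stream-level
    // ObjectInputFilter rejects everything else (plus oversized or deeply nested graphs).
    public static <T> T loadFiltered(InputStream fileIn, Class<T> expected)
            throws IOException, ClassNotFoundException {
        // String must be allowed because the JDK checks it through the filter as well;
        // extend this set with whatever other types 'expected' legitimately references.
        Set<Class<?>> allowed = Set.of(expected, String.class);
        ObjectInputFilter filter = info -> {
            if (info.depth() > 10 || info.arrayLength() > 10_000) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> c = info.serialClass();
            if (c == null) {
                // Callback carries only limits (reference count etc.), no class: defer
                return ObjectInputFilter.Status.UNDECIDED;
            }
            while (c.isArray()) {
                c = c.getComponentType();
            }
            return allowed.contains(c)
                    ? ObjectInputFilter.Status.ALLOWED
                    : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(fileIn)) {
            in.setObjectInputFilter(filter);
            return expected.cast(in.readObject());
        }
    }

    // Helper to build sample serialized streams in memory (constructed test input).
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(o);
        }
        return bytes.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new Settings("demo"));
        // Any class outside the allow-list stands in for an attacker-chosen gadget class.
        byte[] unexpected = serialize(new java.util.HashMap<String, Integer>());

        // Unfiltered: both streams deserialize, the second into a class we never asked for.
        System.out.println("unfiltered: " + loadUnfiltered(new ByteArrayInputStream(unexpected)).getClass());

        // Filtered: the expected type loads, the unexpected class is rejected up front.
        Settings s = loadFiltered(new ByteArrayInputStream(good), Settings.class);
        System.out.println("filtered ok: " + s.name);
        try {
            loadFiltered(new ByteArrayInputStream(unexpected), Settings.class);
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected: " + e.getMessage());
        }
    }
}
```

A rejected class surfaces as `InvalidClassException` ("filter status: REJECTED") before any constructor or `readObject` of that class runs. A process-wide default can also be set with `ObjectInputFilter.Config.setSerialFilter(...)` or the `jdk.serialFilter` system property, but a per-call allow-list like the one above is the more precise fix for a generic `load(String fileName)` entry point, since only the caller knows which type it expects back.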