Lim Sim Yee
**Description** This PR addresses a critical security vulnerability in SSL certificate validation by implementing proper certificate chain verification. The fix replaces an insecure "trust-all" TrustManager with a secure implementation that...
## Description This PR addresses a critical security vulnerability (CWE-502: Deserialization of Untrusted Data) in our custom [ObjectInputStream] implementation. The vulnerability could allow attackers to execute arbitrary code by exploiting...
This PR addresses a critical security vulnerability in the code that could lead to Remote Code Execution (RCE). The code was using Java's built-in ObjectInputStream.readObject() for deserialization, which is known...
This PR addresses several security vulnerabilities in the write method implementation related to buffer handling and input validation. This vulnerability was also identified and fixed in ReadyTalk/avian@0871979, corresponding to CVE-2020-9488....
**What kind of change does this PR introduce?** > - [ x] Bugfix > - [ ] Feature > - [ ] Code style update (formatting, local variables) > -...
This PR addresses a security vulnerability in our ClassLoader implementation that could lead to SecurityExceptions and application crashes when running under a Java SecurityManager with restricted thread access permissions. This...
Description This PR addresses a critical security vulnerability known as "Zip Slip" in the [decompressZip] method. This vulnerability allows attackers to overwrite arbitrary files on the file system by exploiting...
## Description This PR addresses several critical security vulnerabilities in the file download utility, including path traversal vulnerabilities, resource management issues, and error handling improvements. This vulnerability was also found...
The current implementation of the write(byte[], int, int) method in write_cloned.java does not properly validate its input parameters: - No null check for the byte array - No validation that offset...
## Description This PR addresses a security vulnerability in the getClassLoader() method where accessing the thread's context class loader could fail under a SecurityManager with restricted thread permissions. **Security Issues...