learnjavabug

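Demos of Java security vulnerabilities and techniques: exploitation of native Java, Fastjson, Jackson, Hessian2 and XML deserialization vulnerabilities; exploits for frameworks, middleware and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus; and Java Security Manager bypasses, Dubbo-...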

Results 9 learnjavabug issues
Bumps commons-collections4 from 4.0 to 4.1. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependencies

Bumps [shiro-core](https://github.com/apache/shiro) from 1.5.1 to 1.8.0. Changelog Sourced from shiro-core's changelog. Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed...

dependencies

Bumps [h2](https://github.com/h2database/h2database) from 1.4.199 to 2.1.210. Release notes Sourced from h2's releases. Version 2.1.210 Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS rebinding attack) are fixed. Persistent databases...

dependencies

Bumps [dom4j](https://github.com/dom4j/dom4j) from 2.0.0 to 2.0.3. Release notes Sourced from dom4j's releases. version-2.0.3 Branch 2.0.x for Java 1.5 aligned with branch 2.1.x. Improvements Added new factory method org.dom4j.io.SAXReader.createDefault(). It hase...

dependencies

Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.4 to 2.9.10.8. Commits See full diff in compare view. You can trigger a rebase of this PR by commenting `@dependabot rebase`.

dependencies

Hi, I am a user of project **_com.xyh:ajp-bug:1.0-SNAPSHOT_**. I found that its pom file introduced **_9_** dependencies. However, among them, **_2_** libraries (**_22%_**) have not been used by your project...

How do I use these tools? I don't know much about Java. Do I just need to compile with mvn to produce a jar and then use it directly?

FYI: https://mp.weixin.qq.com/s/l08XALLOsItY9hE0PcDmTQ

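A serious vulnerability has been disclosed in Dubbo! It can lead to website takeover and data leakage! Solution included! A recently exposed Dubbo bug. [https://mp.weixin.qq.com/s/kREJF8-1EaL_bYh3a6m35Q](https://mp.weixin.qq.com/s/kREJF8-1EaL_bYh3a6m35Q)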