Input processing vulnerabilities

Insecure deserialization
Insecure deserialization is when user-controllable data is deserialised by a website. This potentially enables an attacker to manipulate serialised objects…

Input processing vulnerabilities
Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe…

Spring4Shell as a class injection example
Two serious vulnerabilities leading to remote code execution (RCE) have been found in the popular Spring framework, one in Spring…

JNDI injection
Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and…

JNDI injection. Log4Shell case study
On December 10, 2021, Apache released a fix for CVE-2021-44228, a critical RCE vulnerability affecting Log4j that is being exploited…

JNDI injection. JDBC
Preventing JNDI injection vulnerabilities through source code review is always a good idea.