logback serialization vulnerability - Githubissues

apache / incubator-seata-samples

Apache Seata(incubating) Samples for Java

https://seata.apache.org/

Apache License 2.0

2.27k stars 1.91k forks source link

logback serialization vulnerability #664

Closed slievrly closed 5 months ago

slievrly commented 5 months ago

[ ] I have searched the issues of this repository and believe that this is not a duplicate.

Ⅰ. Issue Description

https://github.com/apache/incubator-seata-samples/security/dependabot?q=is%3Aopen+logback

Ⅱ. Describe what happened

If there is an exception, please attach the exception trace:

Just paste your stack trace here!

Ⅲ. Describe what you expected to happen

Ⅳ. How to reproduce it (as minimally and precisely as possible)

xxx
xxx
xxx

Minimal yet complete reproducer code (or URL to code):

Ⅴ. Anything else we need to know?

Ⅵ. Environment:

JDK version(e.g. java -version):
Seata client/server version:
Database version:
OS(e.g. uname -a):
Others: