Open mbechler opened 8 years ago
Not that I would count on the blacklist, but seemingly everyone is copying around these blacklists that are not really getting the root cause of the spring vector. The piece of code that gives the arbitrary method invocation is
org.springframework.core.SerializableTypeWrapper$MethodInvokeTypeProvider
, so that should be blacklisted.
Not that I would count on the blacklist, but seemingly everyone is copying around these blacklists that are not really getting the root cause of the spring vector. The piece of code that gives the arbitrary method invocation is
org.springframework.core.SerializableTypeWrapper$MethodInvokeTypeProvider
, so that should be blacklisted.