Closed ceki closed 2 years ago
Here are some relevant links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9493 https://nvd.nist.gov/vuln/detail/CVE-2022-23307 https://lists.apache.org/thread/rx0hpjow5csq05r93cyvntj9ry19tm9y
The issue seems to stem from uncontrolled deserialization.
Fixed in 64902fe18ce5 by hardening the code and not removing it.
Here are some relevant links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9493 https://nvd.nist.gov/vuln/detail/CVE-2022-23307 https://lists.apache.org/thread/rx0hpjow5csq05r93cyvntj9ry19tm9y
The issue seems to stem from uncontrolled deserialization.