hsbt
commented
1 year ago @kou We should merge this instead of #35. Because @ooooooo-q has been reported this to h1 at May, 2021.
Closed ooooooo-q closed 1 year ago
hsbt
commented
1 year ago @kou We should merge this instead of #35. Because @ooooooo-q has been reported this to h1 at May, 2021.
kou
commented
1 year ago Thanks.
If we unmarshal all classes, evil clients may run unexpected code.
See https://hackerone.com/reports/1189419 for details.