undefined | Better HN

0 pointsloginatnine3y ago0 comments

Yes but there may be some other Gadget vulnerabilities in all those fields too. Also, you might be able to make an app OOM by setting big string values somewhere in there.

It boggles my mind why this field is accessible at all and wasn't blocked in CVE-2010-1622.

0 comments

bcrosby953y ago

You can make an app OOM by setting big string values anywhere. You gotta handle that at a higher level and reject requests larger than a certain size, which there is already a default for.

tru3_power3y ago

I spent a good amount of time trying to find some gadgets on jdk8 today no dice besides some DoS

j / k navigate · click thread line to collapse