Skip to content

Commit

Permalink
Update 20241015001-Java-deserialization-vulnerability.md
Browse files Browse the repository at this point in the history 
Adding the special character in with escape character
  • Loading branch information
@DamoOne
DamoOne authored Oct 15, 2024
1 parent d2b1b50 commit 0fb47b8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/advisories/20241015001-Java-deserialization-vulnerability.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview

The WA SOC has been made aware of a vulnerability in Java security framework. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. An attacker can leverage this vulnerability to exploited an attribute that contains a serialized Java object with a special prefix `{sb64}` and Base64 encoding.
The WA SOC has been made aware of a vulnerability in Java security framework. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. An attacker can leverage this vulnerability to exploited an attribute that contains a serialized Java object with a special prefix `{\#sb64}` and Base64 encoding.

## What is vulnerable?

Expand Down

0 comments on commit 0fb47b8

Please sign in to comment.