Posted to issues@cordova.apache.org by "GSS FED (JIRA)" <ji...@apache.org> on 2017/08/17 10:57:00 UTC
[jira] [Created] (CB-13186) HP Fortify SCA - Dynamic Code Evaluation: Unsafe Deserialization issue in cordova-plugin-file/src/android/AssetFilesystem.java
GSS FED created CB-13186:
----------------------------
Summary: HP Fortify SCA - Dynamic Code Evaluation: Unsafe Deserialization issue in cordova-plugin-file/src/android/AssetFilesystem.java
Key: CB-13186
URL: https://issues.apache.org/jira/browse/CB-13186
Project: Apache Cordova
Issue Type: Bug
Components: cordova-android, cordova-plugin-file
Affects Versions: 5.1.1
Environment: Android 4 (Crosswalk)
Reporter: GSS FED
Assignee: Joe Bowser
Dynamic Code Evaluation: Unsafe Deserialization
[https://vulncat.hpefod.com/en/detail?id=desc.structural.java.dynamic_code_evaluation_unsafe_deserialization]
Abstract:
At runtime, deserializing a user-controlled object stream can allow an attacker to execute arbitrary code on the server, abuse application logic, and/or cause a denial of service.
Line: 56
Snippet:
{code:java}
try {
    ois = new ObjectInputStream(assetManager.open("cdvasset.manifest"));
    listCache = (Map<String, String[]>) ois.readObject();
    lengthCache = (Map<String, Long>) ois.readObject();
    listCacheFromFile = true;
{code}
TargetFunction:
FunctionCall: readObject()
Line: 57
Snippet:
{code:java}
    ois = new ObjectInputStream(assetManager.open("cdvasset.manifest"));
    listCache = (Map<String, String[]>) ois.readObject();
    lengthCache = (Map<String, Long>) ois.readObject();
    listCacheFromFile = true;
} catch (ClassNotFoundException e) {
{code}
TargetFunction:
FunctionCall: readObject()
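As an added example (not code from this issue or from cordova-plugin-file), a look-ahead ObjectInputStream applying the standard mitigation for this finding: the stream is restricted to the classes the manifest is expected to contain, and any other class descriptor is rejected before its object is instantiated. The allow-list and the HashMap-based manifest layout are assumptions; since the manifest is opened from the app's own bundled assets via AssetManager, the restriction bounds what a substituted or tampered asset can make readObject() instantiate.

```java
import java.io.*;
import java.util.*;

// Added example, not cordova-plugin-file code: a look-ahead ObjectInputStream that
// resolves only the classes cdvasset.manifest is expected to contain, so any other
// class descriptor in the stream is rejected before its object is instantiated.
public final class ManifestInputStream extends ObjectInputStream {
    // Assumed allow-list for Map<String, String[]> and Map<String, Long>; Number is
    // Long's serializable superclass, so its descriptor also appears in the stream.
    private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            HashMap.class.getName(), String.class.getName(),
            String[].class.getName(), Long.class.getName(), Number.class.getName()));
    public ManifestInputStream(InputStream in) throws IOException { super(in); }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        if (!ALLOWED.contains(desc.getName())) {
            throw new InvalidClassException("class not allowed in manifest", desc.getName());
        }
        return super.resolveClass(desc);
    }

    // The two reads from the flagged snippet, with the restricted stream in place.
    @SuppressWarnings("unchecked")
    static Map<String, Long> loadLengthCache(InputStream manifest)
            throws IOException, ClassNotFoundException {
        try (ManifestInputStream ois = new ManifestInputStream(manifest)) {
            Map<String, String[]> listCache = (Map<String, String[]>) ois.readObject();
            return (Map<String, Long>) ois.readObject();   // lengthCache
        }
    }

    // Demo helper: serialize objects the way a manifest writer would.
    private static byte[] serialize(Object... objs) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            for (Object o : objs) oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Map<String, String[]> list = new HashMap<>();   // constructed manifest content
        list.put("www", new String[] {"index.html"});
        Map<String, Long> len = new HashMap<>();
        len.put("www/index.html", 1234L);
        System.out.println(loadLengthCache(new ByteArrayInputStream(serialize(list, len))));
        try {   // constructed stream carrying an unexpected class: rejected
            loadLengthCache(new ByteArrayInputStream(serialize(new ArrayList<>(), len)));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.classname);
        }
    }
}
```

On Java 9+ the same allow-list can be expressed declaratively with java.io.ObjectInputFilter instead of overriding resolveClass.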
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)