[infinispan-issues] [JBoss JIRA] (ISPN-9116) Server marshallers/transcoders don't support whitelist when deserializing
Gustavo Fernandes (JIRA)
issues at jboss.org
Mon Jul 2 08:38:00 EDT 2018
[ https://issues.jboss.org/browse/ISPN-9116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gustavo Fernandes updated ISPN-9116:
------------------------------------
Security: (was: Red Hat Internal)
> Server marshallers/transcoders don't support whitelist when deserializing
> -------------------------------------------------------------------------
>
> Key: ISPN-9116
> URL: https://issues.jboss.org/browse/ISPN-9116
> Project: Infinispan
> Issue Type: Bug
> Components: Server
> Affects Versions: 9.3.0.Final, 9.2.5.Final
> Reporter: Gustavo Fernandes
> Assignee: Gustavo Fernandes
>
> The server deserializes binary payloads and JSON/XML payloads without any checks. This happens when:
> * Compatibility mode is on
> * Remote listeners with filters
> * Remote iteration with filters
> * Remote tasks with parameters
> * Server is configured with MediaType.APPLICATION_OBJECT
> * Potentially with JSON and XML contents sent via REST
> The remote endpoints affected are REST, Hot Rod and Memcached.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)