Message11710

Author jeff.allen
Recipients fwierzbicki, jeff.allen, redrain
Date 2018-02-25.09:02:25
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1519549345.93.0.467229070634.issue2491@psf.upfronthosting.co.za>
In-reply-to
Content
Deserialization is the execution of arbitrary code from the source. Are we talking about pickle here or Java serialization? Anything not covered by:

https://blog.nelhage.com/2011/03/exploiting-pickle/
https://www.ibm.com/developerworks/library/j-5things1/

Adding the PM as nosy.
History
Date User Action Args
2018-02-25 09:02:25jeff.allensetmessageid: <1519549345.93.0.467229070634.issue2491@psf.upfronthosting.co.za>
2018-02-25 09:02:25jeff.allensetrecipients: + jeff.allen, fwierzbicki, redrain
2018-02-25 09:02:25jeff.allenlinkissue2491 messages
2018-02-25 09:02:25jeff.allencreate