漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.
漏洞信息
N/A
漏洞
N/A
漏洞
Apache Flex BlazeDS 安全漏洞
漏洞信息
Apache Flex BlazeDS是美国阿帕奇(Apache)软件基金会的一套基于服务器的Java远程和Web通讯工具。该工具支持开发者连接后端分布式数据和实时数据推送等。 Apache Flex BlazeDS 4.7.2及之前的版本中存在远程代码执行漏洞。远程攻击者可通过发送特制的AMF3消息利用该漏洞在受影响应用程序的上下文中执行任意代码。
漏洞信息
N/A
漏洞
N/A