hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
Artem Smotrakov
2021-06-23 13:23:54 +02:00
committed by GitHub
parent 14e724bce6
commit 0dfb869c5b
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterQuery.inc.qhelp
View File

@@ -14,11 +14,10 @@ it results in remote code execution in the worst case.
</p>
<p>
Here are examples of unsafe exporters: <code>HttpInvokerServiceExporter</code>,
Examples of unsafe exporters include: <code>HttpInvokerServiceExporter</code>,
<code>SimpleHttpInvokerServiceExporter</code>, <code>RmiServiceExporter</code>,
<code>HessianServiceExporter</code>.
</p>
<p>
CVE-2016-1000027 has been assigned to this issue in the Spring Framework.
It is regarded as a design limitation, and can be mitigated but not fixed outright.
@@ -34,4 +33,4 @@ consider using global deserialization filters introduced in JEP 290.
</p>
</recommendation>
</qhelp>
</qhelp>