mirror of
https://github.com/github/codeql.git
synced 2026-04-27 17:55:19 +02:00
288 B
lgtm,codescanning
- The query "Unsafe Deserialization" (`java/unsafe-deserialization`) has been improved to report those cases where SnakeYaml `Constructor` is used to fix the unmarshaled object graph root's type but injection is still possible in nested nodes of the object graph.
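
The pattern this note describes, as an added example that is not taken from the CodeQL repository or its tests. It assumes SnakeYAML 1.x on the classpath; `Config`, `Marker` and the YAML input are hypothetical and constructed for illustration.

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class NestedTagDemo {
    // Hypothetical root type the application expects to receive.
    public static class Config {
        public String name;
        public Object extra; // loosely typed: the YAML tag decides the concrete class
    }

    // Benign stand-in for a class the application never meant to instantiate.
    public static class Marker {
        public static int created = 0;
        public Marker() { created++; }
    }

    // Constructed input: the root matches Config, the nested node carries a global tag.
    static final String INPUT =
        "name: demo\n" +
        "extra: !!NestedTagDemo$Marker {}\n";

    public static void main(String[] args) {
        // Pattern the query now reports: only the root type is pinned.
        Yaml typedRoot = new Yaml(new Constructor(Config.class));
        Config cfg = typedRoot.load(INPUT);
        System.out.println("typed root: extra is " + cfg.extra.getClass().getName()
            + ", Marker instances created = " + Marker.created);

        // Hardened form: SafeConstructor has no constructor for global tags,
        // so the same document is rejected instead of instantiating Marker.
        int before = Marker.created;
        try {
            new Yaml(new SafeConstructor()).load(INPUT);
            System.out.println("SafeConstructor: unexpectedly accepted the input");
        } catch (YAMLException e) {
            System.out.println("SafeConstructor: rejected, new Marker instances = "
                + (Marker.created - before));
        }
    }
}
```

`SafeConstructor` only builds standard types (maps, lists, strings, numbers), so the application has to map the result onto `Config` itself after loading.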