LQxdu issues

Repositories
Issues
Comments

Results 3 issues of


                                            LQxdu

`HessianSerializer` and `Hessian1Serializer` Deserialization Vulnerability in NettyRpc

### Problem Statement NettyRPC supports the utilization of the `HessianSerializer` and `Hessian1Serializer` protocol within its RPC communication framework. We discovered that attackers can achieve Remote Code Execution(RCE) attacks by sending...

Expression Injection Vulnerability report

### Summary OperaPrestoDriver utilizes the commons-jxpath library’s APIs to parse collection JXPath queries but lacks essential security configurations. The commons-jxpath library provides powerful expression parsing and evaluation capabilities, including the...

Remote Code Execution Vulnerability Report

### Problem Statement Motan supports the use of the hprose protocol in its RPC communication mechanism. Our analysis reveals that attackers can exploit this by delivering carefully constructed serialized payloads...