Browse Source

REPORT-27588 jackson-databind安全漏洞

research/11.0
zed 5 years ago
parent
commit
5bc0a468ff
  1. 49
      fine-jackson/src/com/fr/third/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

49
fine-jackson/src/com/fr/third/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

@ -88,6 +88,55 @@ public class SubTypeValidator
// [databind#2341]: jdom/jdom2 (2.9.9.1) // [databind#2341]: jdom/jdom2 (2.9.9.1)
s.add("org.jdom.transform.XSLTransformer"); s.add("org.jdom.transform.XSLTransformer");
s.add("org.jdom2.transform.XSLTransformer"); s.add("org.jdom2.transform.XSLTransformer");
// [databind#2387], [databind#2460]: EHCache
s.add("net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup");
s.add("net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup");
// [databind#2389]: logback/jndi
s.add("ch.qos.logback.core.db.JNDIConnectionSource");
// [databind#2410]: HikariCP/metricRegistry config
s.add("com.zaxxer.hikari.HikariConfig");
// [databind#2449]: and sub-class thereof
s.add("com.zaxxer.hikari.HikariDataSource");
// [databind#2420]: CXF/JAX-RS provider/XSLT
s.add("org.apache.cxf.jaxrs.provider.XSLTJaxbProvider");
// [databind#2462]: commons-configuration / -2
s.add("org.apache.commons.configuration.JNDIConfiguration");
s.add("org.apache.commons.configuration2.JNDIConfiguration");
// [databind#2469]: xalan2
s.add("org.apache.xalan.lib.sql.JNDIConnectionPool");
// [databind#2478]: comons-dbcp, p6spy
s.add("org.apache.commons.dbcp.datasources.PerUserPoolDataSource");
s.add("org.apache.commons.dbcp.datasources.SharedPoolDataSource");
s.add("com.p6spy.engine.spy.P6DataSource");
// [databind#2498]: log4j-extras (1.2)
s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
// [databind#2526]: some more ehcache
s.add("net.sf.ehcache.transaction.manager.selector.GenericJndiSelector");
s.add("net.sf.ehcache.transaction.manager.selector.GlassfishSelector");
// [databind#2620]: xbean-reflect
s.add("org.apache.xbean.propertyeditor.JndiConverter");
// [databind#2631]: shaded hikari-config
s.add("org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig");
// [databind#2634]: ibatis-sqlmap, anteros-core
s.add("com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig");
s.add("br.com.anteros.dbcp.AnterosDBCPConfig");
// [databind#2642]: javax.swing (jdk)
s.add("javax.swing.JEditorPane");
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s); DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
} }

Loading…
Cancel
Save