Infinispan / ISPN-9116

Server marshallers/transcoders don't support whitelist when deserializing


Details

    Description

      The server deserializes binary payloads and JSON/XML payloads without any checks. This happens when:

      • Compatibility mode is on
      • Remote listeners with filters
      • Remote iteration with filters
      • Remote tasks with parameters
      • Server is configured with MediaType.APPLICATION_OBJECT
      • Potentially with JSON and XML contents sent via REST

      The remote endpoints affected are REST, Hot Rod and Memcached.


            People

              gfernand@redhat.com Gustavo Fernandes (Inactive)
              Diego Lovison Diego Lovison