Le mar. 14 déc. 2021 à 17:02, Matt Sicker <boa...@gmail.com> a écrit :
> JNDI supports DNS as one of its protocols, but I've never confirmed > that you can load anything malicious through it. I've assumed it's > possible, though. I don't know if whitelisting DNS servers is > sufficient due to recursive DNS resolution in the protocol itself. > > My understanding is that DNS calls to an authoritative DNS held by an adverse party can be used to leak information from the targeted system rather than loading any executable class. Regards, ----------------- Daniel Savard
