wangdudu321123 commented on PR #26424: URL: https://github.com/apache/shardingsphere/pull/26424#issuecomment-1643755931
[【高危漏洞】CVE-2023-28754 Apache ShardingSphere 反序列化漏洞 ](https://mp.weixin.qq.com/s?__biz=Mzg4MDg5NzAxMQ==&mid=2247484559&idx=1&sn=ddd4cbe7bc7c714197a1aceda90e30d7) 实际上需要攻击者获取服务器权限,或者配合其他漏洞才可以造成反序列化攻击,比较鸡肋。In fact, attackers need to obtain server privileges or cooperate with other vulnerabilities to cause deserialization attacks, which is quite challenging. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
