the tl;dr of this is: even Oracle doesn't know how to use Java safely (?) https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt …
It's ridiculous how every "we're not unsafe like C!" language invents its own idiotic mechanisms for achieving code execution from data...
-
do you think so? what are Rust's/Go's code exec vulns? I mean Java is not exactly the latest and greatest C alternative
-
I don't know them well enough to say; maybe they do better. "Every" was of course an overstatement without further research.
-
IIRC this sort of "hidden eval" in deserialization and the like is a pattern I've seen in several higher level OO langs.