the tl;dr of this is: even oracle doesn't know how to use java safely (?) https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt …
Replying to @hanno
It's ridiculous how every "we're not unsafe like C!" language invents its own idiotic mechanisms for achieving code execution from data...
Replying to @RichFelker
do you think so? what are rust's/go's codeexec vulns? I mean java is not exactly the latest and greatest c alternative
Replying to @hanno
I don't know them well enough to say; maybe they do better. "Every" was of course an overstatement without further research.
Replying to @RichFelker @hanno
IIRC this sort of "hidden eval" in deserialization and the like is a pattern I've seen in several higher level OO langs.
12:37 PM - 26 Apr 2017