灵悉,社交类兴趣项目,实现带图动态、评论互动,此为服务端,交流群:387355490
关于灵悉 此代码为灵悉项目服务端代码 [21/05/10] 1、发布动态时保存话题和@用户 2、修复一些bug [19/05/18] 1、引入Swagger2,生成接口文档,服务启动后访问 2、引入dom4j解析xml,加入简单的token校验 3、诸多配置项,希望有所收获 4、补充,提升fastjson版本号,原因低版本存在漏洞,详见CVE-2017-
parseObject in Fastjson prior to 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote malicious users to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pippo pippo 1.11.0 |
||
alibaba fastjson |