GitHub

Security Scan Report: Object Deserialization Can Lead to Remote Code Execution #46845

Refactor TwitterIdentityProvider.java to deserialize the Base64-decoded data using JSON instead of Java object streams If ObjectInputStream must be retained, implement HMAC signature verification on ...