Commons-collections4
与commons-collections相比:
- 少了LazyMap#decorate, 替换为了LazyMap#lazyMap.
- 多了CC2和CC4两条利用链
CC>=3.2.2
Serialization support for org.apache.commons.collections.functors.InvokerTransformer is disabled for security reasons. To enable it set system property ‘org.apache.commons.collections.enableUnsafeSerialization’ to ‘true’, but you must ensure that your application does not de-serialize objects from untrusted sources.
CC链总结
若有收获,就点个赞吧
0 人点赞
