
Article Explores Native Deserialization Vulnerabilities in JDK 7u21 and JDK 8u20
Vulnerability
The article explores native deserialization vulnerabilities in JDK 7u21 and JDK 8u20. For JDK 7u21, it details how a hash collision can trigger Anno.equals, leading to remote code execution (RCE). For JDK 8u20, it describes how the serialization files are constructed using bytecodes. In both cases the flaw is exploited by manipulating serialized objects.