When it comes to immutability in Java, it is important to understand the String data type: each time we try to modify a string, a new object holding the new value is created instead. When it comes to mutability in Java, a typical example is the array, whose element at a specific index can be modified in place. The more interesting topic of this article, however, is: how do we create an immutable class ourselves?
In CVE-2018-13379, an untrusted user could abuse a feature of snprintf() to launch an arbitrary file read attack.
Isn't snprintf() already one of the safer functions?
What feature can be used to bypass the restriction on the file extension?
In this article, I will not only analyze how the attack is launched, but also share some ideas for mitigation!