-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
被通付盾安全监测出一个中危漏洞,贵司有计划修复一下么? #1059
Comments
你一个app怎么绝服务攻击攻击 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
检测项目 | 本地拒绝服务攻击
风险描述 | 应用程序在编写过程中没有对Intent.getXXXExtra()这类方法调用进行异常的捕 获,攻击者可以通过发送空数据、异常数据或畸形数据使程序崩溃,从而造成拒 绝服务攻击。
风险等级 | 中危
风险数量 | 1
漏洞位置 | 漏洞位置格式:“类名”->“方法名” Lcom/alibaba/android/arouter/core/InstrumentationHook;- >newActivity(Ljava/lang/ClassLoader;Ljava/lang/String;Landroid/content/ Intent;)Landroid/app/Activity;
修复建议 | 建议对Intent.getXXXExtra()进行异常的捕获或者严格校验输入参数。
The text was updated successfully, but these errors were encountered: