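This finding is usually triggered when a Controller method takes an object as a parameter, because Spring MVC binds the request parameters onto that object's fields.
Solution:
Add the following code to the Controller class: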
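// Requires org.springframework.web.bind.WebDataBinder and
// org.springframework.web.bind.annotation.InitBinder.
@InitBinder()
public void initBinder(WebDataBinder binder) {
    // Field names passed here are not bound from request parameters.
    // An empty array excludes no fields.
    binder.setDisallowedFields(new String[]{});
}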
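The following is an added example, not code from the original post, showing how the binder configuration above affects which fields get bound. It uses Spring's `DataBinder` (the parent class of `WebDataBinder`) directly so that it runs without a servlet container; the `Account` class, its fields and the request values are hypothetical and constructed for the demonstration.

```java
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

// Constructed demo; Account and its fields are hypothetical names.
public class BinderConfigDemo {

    public static class Account {
        private String name;
        private String email;
        private boolean admin;   // server-controlled, must never come from the request
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean admin) { this.admin = admin; }
    }

    // Constructed request parameters: the form only exposes name and email,
    // but the submitted request also carries admin=true.
    static MutablePropertyValues request() {
        MutablePropertyValues pvs = new MutablePropertyValues();
        pvs.add("name", "alice");
        pvs.add("email", "alice@example.test");
        pvs.add("admin", "true");
        return pvs;
    }

    // Binds the constructed request onto a fresh Account with the given lists.
    static Account bind(String[] allowed, String[] disallowed) {
        Account target = new Account();
        DataBinder binder = new DataBinder(target, "account");
        if (allowed != null) binder.setAllowedFields(allowed);
        if (disallowed != null) binder.setDisallowedFields(disallowed);
        binder.bind(request());
        return target;
    }

    public static void main(String[] args) {
        // Empty deny-list: no field is filtered.
        System.out.println("empty disallowed   -> admin=" + bind(null, new String[]{}).isAdmin());
        // Deny-list that names the sensitive field.
        System.out.println("disallowed {admin} -> admin=" + bind(null, new String[]{"admin"}).isAdmin());
        // Allow-list: only the listed fields are bound, so fields added later are excluded by default.
        System.out.println("allowed name,email -> admin=" + bind(new String[]{"name", "email"}, null).isAdmin());
    }
}
```

In a controller, the same `setAllowedFields` or `setDisallowedFields` call goes inside the `@InitBinder` method shown above.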
References:
https://stackoverflow/questions/47945383/how-to-fix-mass-assignment-insecure-binder-configuration-api-abuse-structural/48625284#48625284
https://blog.csdn/zengxianxue/article/details/78567544