CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
GitHub

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring ...
GitHub

MyBatis SQL Mapper Framework for Java

The MyBatis SQL mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using an XML ...
IEEE

Using Large Language Models to Extract UML Class Diagrams from Java Programs

Abstract: Many organizations rely on software systems to perform their core business operations. These systems often require modernization to accommodate new requirements and demands over time. Visual ...