BufferedReader is available in the java.io package. When we take input using the BufferedReader class, it reads all values as String, so whenever another type of value such as int or float is required, we need to parse the string value using a wrapper class, for example: ...
Using this as an entry point, the researchers said they were able to access arbitrary Java classes (e.g. "java.io.BufferedReader") and instantiate them by passing malicious payloads. Citadelo said it was able to perform the following set of actions by exploiting the flaw: View content...