59 * </td> |
58 * </td> |
60 * <td> |
59 * <td> |
61 * Malicious code can set {@link DatatypeConverterInterface}, which has |
60 * Malicious code can set {@link DatatypeConverterInterface}, which has |
62 * VM-wide singleton semantics, before a genuine JAXB implementation sets one. |
61 * VM-wide singleton semantics, before a genuine JAXB implementation sets one. |
63 * This allows malicious code to gain access to objects that it may otherwise |
62 * This allows malicious code to gain access to objects that it may otherwise |
64 * not have access to, such as {@link Frame#getFrames()} that belongs to |
63 * not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to |
65 * another application running in the same JVM. |
64 * another application running in the same JVM. |
66 * </td> |
65 * </td> |
67 * </tr> |
66 * </tr> |
68 * </table> |
67 * </table> |
69 * |
68 * |