{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T02:38:30Z","timestamp":1774579110382,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,27]],"date-time":"2024-10-27T00:00:00Z","timestamp":1729987200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62332005"],"award-info":[{"award-number":["62332005"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372114"],"award-info":[{"award-number":["62372114"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,27]]},"DOI":"10.1145\/3691620.3695531","type":"proceedings-article","created":{"date-parts":[[2024,10,18]],"date-time":"2024-10-18T15:39:19Z","timestamp":1729265959000},"page":"1633-1644","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Magneto: A Step-Wise Approach to Exploit Vulnerabilities in Dependent Libraries via LLM-Empowered Directed Fuzzing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-7819-9656","authenticated-orcid":false,"given":"Zhuotong","family":"Zhou","sequence":"first","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8095-7754","authenticated-orcid":false,"given":"Yongzhuo","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-2169-7032","authenticated-orcid":false,"given":"Susheng","family":"Wu","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4722-3658","authenticated-orcid":false,"given":"Yiheng","family":"Huang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7238-7492","authenticated-orcid":false,"given":"Bihuan","family":"Chen","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3376-2581","authenticated-orcid":false,"given":"Xin","family":"Peng","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2024,10,27]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Retrieved","year":"2024","unstructured":"Apache. 2024. Update Apache Commons BeanUtils dependency from 1.9.3 to 1.9.4. Retrieved May 28, 2024 from https:\/\/issues.apache.org\/jira\/browse\/VALIDATOR-460"},{"key":"e_1_3_2_1_2_1","volume-title":"Retrieved","author":"ASM.","year":"2024","unstructured":"ASM. 2024. ASM. Retrieved May 30, 2024 from https:\/\/asm.ow2.io\/"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179377"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00044"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639583"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-49538-X_5"},{"key":"e_1_3_2_1_12_1","unstructured":"Chongzhou Fang Ning Miao Shaurya Srivastav Jialin Liu Ruoyu Zhang Ruijie Fang Asmita Asmita Ryan Tsang Najmeh Nazari Han Wang et al. 2023. Large language models for code analysis: Do llms really do their job? (2023)."},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 14th USENIX Workshop on Offensive Technologies.","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. {AFL++}: Combining incremental steps of fuzzing research. In Proceedings of the 14th USENIX Workshop on Offensive Technologies."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2025113.2025179"},{"key":"e_1_3_2_1_15_1","volume-title":"Retrieved","year":"2024","unstructured":"Github. 2024. Apache Commons Beanutils. Retrieved May 28, 2024 from https:\/\/github.com\/apache\/commons-beanutils"},{"key":"e_1_3_2_1_16_1","volume-title":"Retrieved","year":"2024","unstructured":"Github. 2024. Apache Commons Validator. Retrieved May 28, 2024 from https:\/\/github.com\/apache\/commons-validator"},{"key":"e_1_3_2_1_17_1","volume-title":"Retrieved","year":"2024","unstructured":"Github. 2024. Java Code Coverage Library. Retrieved May 28, 2024 from https:\/\/github.com\/jacoco\/jacoco"},{"key":"e_1_3_2_1_18_1","volume-title":"Retrieved","year":"2024","unstructured":"Github. 2024. jd-core. Retrieved May 30, 2024 from https:\/\/github.com\/java-decompiler\/jd-core"},{"key":"e_1_3_2_1_19_1","volume-title":"Retrieved","year":"2024","unstructured":"Github. 2024. Soot - A Java optimization framework. Retrieved May 29, 2024 from https:\/\/github.com\/soot-oss\/soot"},{"key":"e_1_3_2_1_20_1","volume-title":"Retrieved","year":"2024","unstructured":"Google. 2024. Understanding the Impact of Apache Log4j Vulnerability. Retrieved May 26, 2024 from https:\/\/security.googleblog.com\/2021\/12\/understanding-impact-of-apache-log4j.html"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 21st USENIX Security Symposium. 445--458","author":"Holler Christian","year":"2012","unstructured":"Christian Holler, Kim Herzig, and Andreas Zeller. 2012. Fuzzing with code fragments. In Proceedings of the 21st USENIX Security Symposium. 445--458."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639230"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678905"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10131-8"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC52881.2021.00046"},{"key":"e_1_3_2_1_26_1","volume-title":"Retrieved","year":"2024","unstructured":"JavaParser. 2024. JavaParser Home. Retrieved May 30, 2024 from https:\/\/javaparser.org\/"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598147"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534398"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3649828"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00140"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510142"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/3155562.3155577"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464836"},{"key":"e_1_3_2_1_34_1","first-page":"2019","volume-title":"Retrieved","author":"NVD.","year":"2024","unstructured":"NVD. 2024. CVE-2019-10086 Detail. Retrieved May 28, 2024 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-10086"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3339002"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3025443"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00054"},{"key":"e_1_3_2_1_38_1","volume-title":"Retrieved","year":"2023","unstructured":"sonatype. 2023. 9th Annual State of the Software Supply Chain. Retrieved May 25, 2024 from https:\/\/www.sonatype.com\/state-of-the-software-supply-chain\/introduction"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3324950"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639117"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598107"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510050"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.23"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00081"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME46990.2020.00014"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243847"},{"key":"e_1_3_2_1_47_1","volume-title":"Retrieved","year":"2024","unstructured":"wikipedia. 2024. Cohen's kappa Wikipedia. Retrieved May 29, 2024 from https:\/\/en.wikipedia.org\/wiki\/Cohen%27s_kappa"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639582"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695516"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00095"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180182"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549125"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3556921"},{"key":"e_1_3_2_1_54_1","volume-title":"Retrieved","author":"Zalewski Michal","year":"2014","unstructured":"Michal Zalewski. 2014. American fuzzing lop (AFL). Retrieved May 25, 2024 from http:\/\/lcamtuf.coredump.cx\/afl\/"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534390"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00150"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00058"}],"event":{"name":"ASE '24: 39th IEEE\/ACM International Conference on Automated Software Engineering","location":"Sacramento CA USA","acronym":"ASE '24","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 39th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3691620.3695531","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3691620.3695531","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:09:39Z","timestamp":1750295379000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3691620.3695531"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,27]]},"references-count":57,"alternative-id":["10.1145\/3691620.3695531","10.1145\/3691620"],"URL":"https:\/\/doi.org\/10.1145\/3691620.3695531","relation":{},"subject":[],"published":{"date-parts":[[2024,10,27]]},"assertion":[{"value":"2024-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}