Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Activemq
APPApache5.15.8Oracle Endeca Information Discovery Studio
APPOracle3.2.0Xstream
APPXstream1.4.10≤ 1.4.6
Powiązane podatności
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a ...
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and exec...
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to ...
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which ca...
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserializat...