CVE-2018-18240

2018-10-11T07:29:00
ID CVE-2018-18240
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.