409 matches found
CNVD
added 2021/03/15 12:00 a.m., 5 views

XStream Denial of Service Vulnerability (CNVD-2021-28331)

XStream is a simple Java-based library that serializes Java objects to XML and back again, i.e. Java objects and XML documents can easily be converted into each other. XStream has a denial-of-service vulnerability that an attacker can exploit by manipulating the processed input stream and...

CVSS 7.8, AI score 6.7, EPSS 0.00256
Exploits 0, References 1
CNVD
added 2021/03/15 12:00 a.m., 6 views

XStream Code Execution Vulnerability (CNVD-2021-28332)

XStream is a simple Java-based library that serializes Java objects to XML and back again, i.e. Java objects and XML documents can easily be converted into each other. A code execution vulnerability exists in XStream that an attacker can exploit by manipulating the processed input stream and...

CVSS 9.8, AI score 7.8, EPSS 0.03287
Exploits 1, References 1
CNVD
added 2021/03/15 12:00 a.m., 4 views

XStream Server-Side Request Forgery Vulnerability (CNVD-2021-28337)

XStream is a simple Java-based library that serializes Java objects to XML and back again, i.e. Java objects and XML documents can easily be converted into each other. XStream has a server-side request forgery vulnerability that an attacker can exploit by manipulating the processed input strea...

CVSS 9.1, AI score 6.7, EPSS 0.00869
Exploits 1, References 1
vulnersOsv
added 2021/02/15 2:42 p.m., 2 views

biz.lobachev.annette:api-gateway-core_2.13 (=0.3.0), biz.lobachev.annette:application-api-gateway_2.13 (=0.3.0) +456 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0 <=10.2.3)

com.typesafe.akka:akka-http-core_2.13 MAVEN version >=10.2.0 <=10.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core_2.13 and may be impacted: - biz.lobachev.annette:api-gateway-core_2.13 =0.3.0 -...

CVSS 6.5, AI score 6.5, EPSS 0.00211
Exploits 0
BDU FSTEC
added 2021/02/11 12:00 a.m., 1 view

A vulnerability in Apache POI, the Java library for reading and writing MS Office documents, caused by a loop with an unreachable exit condition, allows attackers to cause a denial of service.

The vulnerability in Apache POI, the Java library for reading and writing MS Office documents, is caused by a loop whose exit condition can never be reached. Exploiting this vulnerability could allow a malicious actor to cause a denial of service remotely...

CVSS 7.8, EPSS 0.01114
Exploits 3, References 5, Affected Software 17
Tenable Nessus
added 2021/01/04 12:00 a.m., 42 views

Debian DLA-2507-1 : libxstream-java security update

Several security vulnerabilities were discovered in XStream, a Java library to serialize objects to XML and back again. CVE-2020-26258: XStream is vulnerable to a Server-Side Request Forgery that can be triggered when unmarshalling. The vulnerability may allow a remote attacker to request data fr...

CVSS 7.7, AI score 7.5, EPSS 0.9368
Exploits 7, References 5
Debian
added 2020/12/31 3:08 p.m., 61 views

[SECURITY] [DLA 2507-1] libxstream-java security update

Debian LTS Advisory DLA-2507-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 31, 2020 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb9u1 CVE ID : CVE-2020-26258 CVE-2020-26259 Debian Bug : 977625 977624 Several security...

CVSS 7.7, AI score 6.9, EPSS 0.9368
Exploits 7
Check Point Advisories
added 2020/12/27 12:00 a.m., 5 views

FasterXML jackson-databind Remote Code Execution (CVE-2020-14645; CVE-2020-24616; CVE-2020-8840)

FasterXML jackson-databind is a Java library that provides the general-purpose data-binding functionality and tree model for the Jackson Data Processor. Under the right conditions, an attacker can exploit Java applications that perform unsafe deserialization of objects. Successful exploitation of unsafe deserializatio...

CVSS 7.5, AI score 3.2, EPSS 0.9231
Exploits 9
RedhatCVE
added 2020/12/17 8:48 p.m., 53 views

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be triggered when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVSS 9.8, AI score 0.5, EPSS 0.9368
Exploits 10, References 3
NVD
added 2020/12/16 1:15 a.m., 26 views

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be triggered when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVSS 7.7, AI score 7.7, EPSS 0.9368
Exploits 4, References 14
OSV
added 2020/12/16 1:15 a.m., 32 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to arbitrary file deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executin...

CVSS 6.8, AI score 9.2, EPSS 0.8887
Exploits 5, References 9
UbuntuCve
added 2020/12/16 1:15 a.m., 35 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to arbitrary file deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executin...

CVSS 6.8, AI score 6.8, EPSS 0.8887
Exploits 5, References 6
CVE
added 2020/12/16 1:05 a.m., 313 views

CVE-2020-26258

CVE-2020-26258 is a Server-Side Request Forgery (SSRF) via XStream unmarshalling in versions prior to 1.4.15. Public documentation confirms that exploitation is possible through crafted input streams that reach internal resources; Java 15+ mitigates the issue, and a whitelist-based Security Framework is recommended over the...

CVSS 7.7, AI score 8.1, EPSS 0.9368
Exploits 4, References 14, Affected Software 1
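The whitelist-based Security Framework that the XStream advisories for CVE-2020-26258 and CVE-2020-26259 recommend, shown as an added example that is not part of this search listing or of the XStream project's own code. It assumes XStream 1.4.15 or later on the classpath; the Order class, the package name com.example.model and the two XML payloads are placeholders constructed for the example.

```java
// Added example (not from the page or from the XStream project): an XStream
// instance locked down to an explicit allowlist instead of the default
// blacklist that CVE-2020-26258 / CVE-2020-26259 bypassed.
// Assumes xstream >= 1.4.15 on the classpath. Order and com.example.model
// are hypothetical application names.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class SafeXStream {
    // Hypothetical application type that the service expects on the wire.
    public static class Order {
        public String id;
        public int quantity;
    }

    public static XStream build() {
        XStream xstream = new XStream();
        // Start from "deny every type", then re-admit only what is needed.
        // Releases before 1.4.18 otherwise accept any class on the classpath
        // that is not on the (bypassable) built-in blacklist.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, Order.class });
        // A wildcard is acceptable for an application-owned package; never
        // allow "**" or JDK packages such as java.** or javax.**, since that
        // re-opens the gadget classes the CVEs rely on.
        xstream.allowTypesByWildcard(new String[] { "com.example.model.**" });
        xstream.alias("order", Order.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = build();

        // Constructed benign payload: round-trips normally.
        String good = "<order><id>A-1</id><quantity>2</quantity></order>";
        Order o = (Order) xstream.fromXML(good);
        System.out.println("ok: " + o.id + " x" + o.quantity);

        // Constructed hostile payload: names a JDK class that is not on the
        // allowlist. Any unlisted type is rejected before XStream instantiates
        // it, so the specific gadget chain does not matter.
        String bad = "<java.util.HashMap/>";
        try {
            xstream.fromXML(bad);
            System.out.println("BUG: unlisted type was deserialized");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check to run against an existing code base is whether every XStream instance goes through a builder like this one; a single `new XStream()` used directly with untrusted input, on a version below 1.4.18, is still exposed regardless of the JDK version.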
Cvelist
added 2020/12/16 1:05 a.m., 28 views

CVE-2020-26259 XStream is vulnerable to arbitrary file deletion on the local host when unmarshalling

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to arbitrary file deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executin...

CVSS 6.8, AI score 7.5, EPSS 0.8887
Exploits 5, References 9
Debian
added 2020/12/15 12:12 p.m., 28 views

[SECURITY] [DSA 4811-1] libxstream-java security update

Debian Security Advisory DSA-4811-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2020 https://www.debian.org/security/faq -...

CVSS 9.3, AI score 8.5, EPSS 0.93171
Exploits 7
OSV
added 2020/11/25 12:15 a.m., 23 views

CVE-2020-26238

Cron-utils is a Java library to parse, validate and migrate crons, as well as to get human-readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote...

CVSS 8.1, AI score 8.5
Exploits 0, References 13
NVD
added 2020/11/25 12:15 a.m., 21 views

CVE-2020-26238

Cron-utils is a Java library to parse, validate and migrate crons, as well as to get human-readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote...

CVSS 8.1, AI score 8.2, EPSS 0.09965
Exploits 1, References 13
Cvelist
added 2020/11/24 11:50 p.m., 23 views

CVE-2020-26238 Critical vulnerability found in cron-utils

Cron-utils is a Java library to parse, validate and migrate crons, as well as to get human-readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote...

CVSS 7.9, AI score 8.4, EPSS 0.09965
Exploits 1, References 13
Fedora
added 2020/10/25 1:20 a.m., 53 views

[SECURITY] Fedora 32 Update: ant-1.10.9-1.fc32

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points that depend on each other. The main known use of Ant is building Java applications. Ant supplies a number of built-in tasks that compile,...

CVSS 7.5, AI score 1.5, EPSS 0.01104
Exploits 0
Fedora
added 2020/10/25 1:06 a.m., 37 views

[SECURITY] Fedora 31 Update: ant-1.10.9-1.fc31

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points that depend on each other. The main known use of Ant is building Java applications. Ant supplies a number of built-in tasks that compile,...

CVSS 7.5, AI score 1.5, EPSS 0.01104
Exploits 0