CVE-2021-39147
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...
CVE-2021-39147
CVE-2021-39147 relates to XStream, a Java library for XML serialization. Publicly available documents confirm a remote code execution risk when processing input streams, with XStream 1.4.18 and related releases susceptible unless mitigations are applied. Connected sources describe the root cause ...
CVE-2021-39146
CVE-2021-39146 is an XStream deserialization vulnerability that has been addressed in multiple IBM advisories. The issue allows remote code execution via unsafe object deserialization in XStream across products that bundle the library (e.g., Atlas eDiscovery Process Management, ITNCM, IBM Spectru...
CVE-2021-39145
The CVE-2021-39145 vulnerability affects the XStream Java library. In affected versions, a remote attacker can load and execute arbitrary code by manipulating the processed input stream. Public advisories reference XStream updates (e.g., Fedora, Debian, Amazon Linux 2) and indicate remediation th...
CVE-2021-39145 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...
CVE-2021-39139 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of th...
CVE-2021-39139
CVE-2021-39139 affects XStream, a Java XML serialization library. The vulnerability allows a remote attacker to load and execute arbitrary code by manipulating the processed input stream; exploitation depends on the affected XStream version and runtime behavior. Connected advisories confirm XStre...
XStream Code Issue Vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Code Issue Vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67817)
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Code Issue Vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67823)
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Code Issue Vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Code Issue Vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
CVE-2021-39144
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker with sufficient rights to execute commands on the host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67827)
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Code Issue Vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream SSRF Vulnerability (CNVD-2021-67821)
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or deserialize them back into objects. XStream 1.4.17 and previous versions have a server-side request forgery vulnerability, which can be used by remote attackers to submit special requests that can obtain...
CVE-2021-39144
CVE-2021-39144 refers to a remote code execution vulnerability in XStream, a Java library for XML serialization. When processed input streams are manipulated, an attacker with sufficient rights could execute arbitrary commands on the host. Public descriptions consistently note that XStream now us...
Deserialization of Untrusted Data in Apache jUDDI
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which, as an extension to UDDI, provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...