CVE-2022-36799
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Templat...
CVE-2022-36799
Atlassian Jira Server/Data Center is affected by CVE-2022-36799 via Template Injection in Email Templates, enabling Remote Code Execution when an attacker with system administrator permissions exploits velocity templates. Affected versions are:
Atlassian Jira and Atlassian JIRA Data Center Code Injection Vulnerability
Atlassian Jira and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian Jira is a defect tracking management system. The system is used to track and manage all types of issues and defects on the job. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. ...
[SECURITY] Fedora 34 Update: xstream-1.4.19-1.fc34
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
FreeBSD : jenkins -- DoS vulnerability in bundled XStream library (0b0ad196-1ee8-4a98-89b1-4d5d82af49a9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0b0ad196-1ee8-4a98-89b1-4d5d82af49a9 advisory. - XStream is an open source java library to serialize objects to XML and back again. Versions...
DoS vulnerability in bundled XStream library in Jenkins Core
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library’s vulnerability CVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job config.xml, build.xml, and numerous others. This allows attackers able to submi...
GHSA-34WX-X2W9-VQM3 DoS vulnerability in bundled XStream library in Jenkins Core
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library’s vulnerability CVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job config.xml, build.xml, and numerous others. This allows attackers able to submi...
Jenkins < 2.319.3, < 2.334 DoS Vulnerability - Windows
Jenkins is prone to a denial of service (DoS) vulnerability.
Jenkins < 2.319.3, < 2.334 DoS Vulnerability - Linux
Jenkins is prone to a denial of service (DoS) vulnerability.
The vulnerability of the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary code. This vulnerability stems from deficiencies in the deserialization mechanism, enabling attackers to execute unauthorized code.
The vulnerability of the XStream library for converting objects to XML or JSON format is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
DEBIAN-CVE-2021-43859
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...
UBUNTU-CVE-2021-43859
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...
xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...
xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats stems from deficiencies in the deserialization mechanism. This allows attackers to gain access to protected information and replace objects on the server side.
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to gain access to protected information and replace objects on the server side by...
Important: xstream
Issue Overview: A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to...
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows attackers to download files of dangerous types indefinitely. This enables attackers to upload and execute arbitrary code from a remote host.
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code from a remote host by...
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats, related to improper code generation management, allows attackers to execute commands on the host.
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to execute commands on the host by manipulating the processed input data...
xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream...
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows for unlimited loading of dangerous types of files, enabling attackers to load and execute arbitrary code.
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code by manipulating the...