The vulnerability of the Xstream Java library for converting objects into XML or JSON format lies in insufficient validation of incoming requests. This allows attackers to retrieve data from internal resources that are not publicly accessible.

The vulnerability of the Xstream library for converting objects into XML or JSON format is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to request data from internal resources that are not publicly accessible, as a result of...

XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

XStream Library Arbitrary File Deletion (CVE-2020-26259)

An arbitrary file deletion vulnerability exists in the XStream library. The vulnerability is due to improper validation of user input during unmarshalling of XML and JSON data...

Security Bulletin: A security vulnerability has been identified in Xstream, which is a required product for IBM Tivoli Network Configuration Manager (CVE-2020-26217)

Summary A security vulnerability has been disclosed in the Xstream library , which is installed as part of IBM Tivoli Network Configuration Manager version 6.4.2. Information about this vulnerability has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-26217 DESCRIPTIO...

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

UBUNTU-CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

UBUNTU-CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

XStream 代码问题漏洞

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . A code execution vulnerability exists in XStream, which can be exploited by an attacker to manipulate the processed input stream and...

PT-2021-5150

Name of the Vulnerable Software and Affected Versions XStream versions prior to 1.4.16 Description The issue concerns a Java library used for serializing objects to XML and back. It may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed...

PT-2021-5333 · Xstream +4 · Xstream +4

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue is related to the deserialization mechanism in the XStream Java library, which is used for converting objects to XML or JSON formats. An attacker can exploit this by manipulating the inp...

PT-2021-4780 · Xstream +7 · Xstream +7

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue is related to the XStream Java library, which is used for serializing objects to XML and back again. It may allow a remote attacker to load and execute arbitrary code from a remote host ...

The vulnerability of the Xstream Java library for converting objects to XML or JSON format arises from the lack of measures taken to eliminate special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary code.

The vulnerability of the Java library for converting objects to XML or JSON format, Xstream, exists due to the lack of measures taken to eliminate special elements used in the operating system command. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

XStream Library Insecure Deserialization (CVE-2019-10173)

An insecure serialization vulnerability exists in XStream Library. The vulnerability is due to insufficient validation of event handler type in user-supplied XML data. A remote attacker could exploit this vulnerability by sending specially crafted XML file to the affected application. Successful...

OpenMRS - Java Deserialization RCE (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMRS Java Deserialization RCE', 'Description' = %q OpenMRS is an open-source platform that supplies users with a customizable medical record...

OpenMRS Java Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMRS Java Deserialization RCE', 'Description' = %q OpenMRS is an open-source platform that supplies users with a customizable medical record...