Remote Code Execution (RCE)

org.apache.eventmesh:eventmesh-connector-rabbitmq is vulnerable to Remote Code Execution RCE. The vulnerability is due to blindly reading a ByteArrayInputStream without sanitization in getFromByteArray, which allows an attacker to execute malicious code on the system via rabbitmq messages...

XStream 代码问题漏洞

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a denial-of-service vulnerability that can be exploited by an attacker to manipulate a processed input stream and replac...