5 matches found
CVE-2018-18240
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...
com.gitblit.fathom:fathom-integration-test (>=0.5.0 <=1.0.1), com.gitblit.fathom:fathom-mailer (>=0.5.0 <=1.0.1) +72 more potentially affected by CVE-2018-18240 via ro.pippo:pippo-core (>=0.4.0 <=1.11.0)
ro.pippo:pippo-core MAVEN version =0.4.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.2, =0.8.1, =0.8.4, =0.8.0, =0.8.0, =0.2.3, =0.4.0, =0.4.0, =1.11.0 and more Source cves: CVE-2018-18240 Source advisory: OSV:GHSA-H892-X453-86WC...
ro.pippo:pippo-demo-session (>=0.4.0 <=0.6.1), ro.pippo:pippo-session-cookie (>=0.4.0 <=1.11.0) +10 more potentially affected by CVE-2018-18240 via ro.pippo:pippo-session (>=0.4.0 <=1.11.0)
ro.pippo:pippo-session MAVEN version =0.4.0, =0.4.0, =0.4.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.11.0 Source cves: CVE-2018-18240 Source advisory: OSV:GHSA-H892-X453-86WC...
CVE-2018-18240
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...
CVE-2018-18240
Pippo up to version 1.11.0 is vulnerable to remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream’s available protection mechanisms to restrict unmarshalling.