The vulnerability in XStream, a Java library for converting objects to XML or JSON format, exists because the library does not neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...