Exploit for Server-Side Request Forgery in Apache Struts

Description XStream is a Java library to serialize objects t...

GHSA-4CCH-WXPW-8P28 Server-Side Forgery Request can be activated unmarshalling with XStream

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15...

Server-Side Forgery Request can be activated unmarshalling with XStream

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15...

XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling

Impact The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use...

GHSA-JFVX-7WRX-43FH XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling

Impact The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use...

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

Arbitrary File Deletion

xstream is vulnerable to arbitrary file deletion. XStream's default blacklist of the Security Framework does not blacklist the internal JAX-WS type ReadAllStream.FileStream and therefore, allows the deserialization of XML containing those untrusted type, subsequently leading to an arbitrary file...

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

DEBIAN-CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

Server side request forgery (ssrf)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

Arbitrary file deletion

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

CVE-2020-26259 XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...

Remote code execution

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...

CVE-2020-26217 Remote Code Execution in XStream

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...