Lucene search
K

3 matches found

RedHat Linux
RedHat Linux
added 2022/01/26 3:52 p.m.10 views

xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS7.7AI score0.16118EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.4 views

xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

8.5CVSS7.4AI score0.03437EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2021/10/25 6:54 a.m.5 views

xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

8.5CVSS7.4AI score0.03437EPSS
Exploits2References5
Rows per page
Query Builder