Veracode Vulnerability DatabaseVERACODE:20878Remote Code Execution (RCE)
0.942 High
EPSS
Percentile
99.2%
XStream is vulnerable to remote code execution. The vulnerability exists due to the regression of security vulnerability CVE-2013-7285, allowing a remote attacker to trigger RCE during unmarshaling XML or any supported format.
| CPE | Name | Operator | Version |
|---|---|---|---|
| xstream core | eq | 1.4.10 | |
| xstream core | eq | 1.4.10 |
References
x-stream.github.io/changes.html#1.4.11
access.redhat.com/errata/RHSA-2019:3892
access.redhat.com/errata/RHSA-2019:4352
access.redhat.com/errata/RHSA-2020:0445
access.redhat.com/errata/RHSA-2020:0727
bugzilla.redhat.com/show_bug.cgi?id=1722971
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173
github.com/x-stream/xstream/commit/8542d02d9ac5d384c85f4b33d6c1888c53bd55d3
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpuoct2020.html
www.sourceclear.com/vulnerability-database/vulnerabilities/1619
Related
