oval:org.secpod.oval:def:70357
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in libxstream-java.

oval:org.secpod.oval:def:605344
It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist app ...

oval:org.secpod.oval:def:69831
It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist app ...

oval:org.secpod.oval:def:705999
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in XStream library.

oval:org.secpod.oval:def:1504603
The advisory is missing the security advisory description. For more information, please visit the reference link.

oval:org.secpod.oval:def:205830
XStream is a Java XML serialization library to serialize objects to and deserialize objects from XML. Security Fix: XStream: remote code execution due to insecure XML deserialization when relying on blocklists. For more details about the security issue, including the impact, a CVSS score, acknowled ...

oval:org.secpod.oval:def:705869
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in libxstream-java.

oval:org.secpod.oval:def:1700541
A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application. T ...

CPE (1): cpe:/o:debian:debian_linux:9.0
CWE (1): CWE-78
CVE: CVE-2020-26217

© SecPod Technologies