Vulnerability CVE-2018-18240


Published: 2018-10-11

Description:
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.

References:
https://github.com/pippo-java/pippo/issues/454

Copyright 2018, cxsecurity.com

 
