It was found that xstream API... CVE-2019-10173

7.5 AV AC AU C I A
发布: 2019-07-23
修订: 2020-10-20

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有1条受影响产品信息