ID CVE-2018-18240
Summary Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
misc https://github.com/pippo-java/pippo/issues/454
Last major update 11-10-2018 - 03:29
Published 11-10-2018 - 03:29
Last modified 11-10-2018 - 03:29
Back to Top