It was found that XStream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any other supported format, e.g. JSON. (Regression of CVE-2013-7285.)
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-07-23T12:50:44
Updated: 2024-08-04T22:10:10.018Z
Reserved: 2019-03-27T00:00:00
Link: CVE-2019-10173
NVD
Status: Analyzed
Published: 2019-07-23T13:15:13.177
Modified: 2022-10-05T20:38:17.927
Link: CVE-2019-10173
Redhat