exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2019-10173

больше 6 лет назад

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)

CVSS3: 9.8

EPSS: Критический

CVE-2019-10173

больше 7 лет назад

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)

CVSS3: 7.3

EPSS: Критический

CVE-2019-10173

больше 6 лет назад

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)

CVSS3: 9.8

EPSS: Критический

CVE-2019-10173

больше 6 лет назад

It was found that xstream API version 1.4.10 before 1.4.11 introduced ...

CVSS3: 9.8

EPSS: Критический

GHSA-hf23-9pf7-388p

больше 6 лет назад

Deserialization of Untrusted Data and Code Injection in xstream

CVSS3: 9.8

EPSS: Критический

BDU:2019-02936

больше 6 лет назад

Уязвимость Java-библиотеки для преобразования объектов в XML или JSON формат XStream, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольные команды

CVSS3: 9.8

EPSS: Критический

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2019-10173 It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)	CVSS3: 9.8	93% Критический	больше 6 лет назад
CVE-2019-10173 It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)	CVSS3: 7.3	93% Критический	больше 7 лет назад
CVE-2019-10173 It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)	CVSS3: 9.8	93% Критический	больше 6 лет назад
CVE-2019-10173 It was found that xstream API version 1.4.10 before 1.4.11 introduced ...	CVSS3: 9.8	93% Критический	больше 6 лет назад
GHSA-hf23-9pf7-388p Deserialization of Untrusted Data and Code Injection in xstream	CVSS3: 9.8	93% Критический	больше 6 лет назад
BDU:2019-02936 Уязвимость Java-библиотеки для преобразования объектов в XML или JSON формат XStream, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольные команды	CVSS3: 9.8	93% Критический	больше 6 лет назад

Уязвимостей на страницу