exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 9

CVE-2020-26217

около 5 лет назад

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

CVSS3: 8

EPSS: Критический

CVE-2020-26217

около 5 лет назад

CVSS3: 9

EPSS: Критический

CVE-2020-26217

около 5 лет назад

CVSS3: 8

EPSS: Критический

CVE-2020-26217

около 5 лет назад

XStream before version 1.4.14 is vulnerable to Remote Code Execution.T ...

CVSS3: 8

EPSS: Критический

GHSA-mw36-7c6c-q4q2

около 5 лет назад

XStream can be used for Remote Code Execution

CVSS3: 8

EPSS: Критический

ELSA-2021-0162

около 5 лет назад

ELSA-2021-0162: xstream security update (IMPORTANT)

EPSS: Низкий

BDU:2020-05622

около 5 лет назад

Уязвимость Java-библиотеки для преобразования объектов в XML или JSON формат Xstream, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольный код

CVSS3: 8

EPSS: Критический

openSUSE-SU-2021:0140-1

около 5 лет назад

Security update for xstream

EPSS: Низкий

SUSE-SU-2021:0176-1

около 5 лет назад

Security update for xstream

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.	CVSS3: 8	94% Критический	около 5 лет назад
CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.	CVSS3: 9	94% Критический	около 5 лет назад
CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.	CVSS3: 8	94% Критический	около 5 лет назад
CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution.T ...	CVSS3: 8	94% Критический	около 5 лет назад
GHSA-mw36-7c6c-q4q2 XStream can be used for Remote Code Execution	CVSS3: 8	94% Критический	около 5 лет назад
ELSA-2021-0162 ELSA-2021-0162: xstream security update (IMPORTANT)			около 5 лет назад
BDU:2020-05622 Уязвимость Java-библиотеки для преобразования объектов в XML или JSON формат Xstream, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольный код	CVSS3: 8	94% Критический	около 5 лет назад
openSUSE-SU-2021:0140-1 Security update for xstream			около 5 лет назад
SUSE-SU-2021:0176-1 Security update for xstream			около 5 лет назад

Уязвимостей на страницу