Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-15T16:54:57
Updated: 2022-04-25T12:46:54
Reserved: 2014-01-09T00:00:00
Link: CVE-2013-7285
JSON object: View
NVD Information
Status : Modified
Published: 2019-05-15T17:29:00.297
Modified: 2023-11-07T02:18:01.090
Link: CVE-2013-7285
JSON object: View
Redhat Information
No data.
CWE