libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in libxstream-java.

libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in XStream library.

It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist approach of XStream's security framework. For additional information please refer to https://github.com ...

It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist approach of XStream's security framework. For additional information please refer to https://github.com ...

A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ...

XStream is a Java XML serialization library to serialize objects to and deserialize objects from XML. Security Fix: * XStream: remote code execution due to insecure XML deserialization when relying on blocklists. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

The advisory is missing the security advisory description. For more information please visit the reference link.

The advisory is missing the security advisory description. For more information please visit the reference link.

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS * golang: math/big: panic during recursive division of very large numbers * golang: malicious symbol names can lead to code execution at build time * golang: improper validation of cgo fla ...

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.



© SecPod Technologies