CVE-2020-26217 - XStream before version 1.4.14 is vulnerable to Remote Code Execution.The - CVEs Blog

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26217

Reference (s):

https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
URL: https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
URL: https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
https://security.netapp.com/advisory/ntap-20210409-0004/

CVE-2020-26217 – XStream before version 1.4.14 is vulnerable to Remote Code Execution.The

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

CVE-2020-2576 - Vulnerability in the Oracle Outside In Technology product of Oracle Fusio

CVE-2020-25117 - The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to U

CVE-2020-21124 - UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of

Categories

Partners

Just add here your partners image or promo text