Enhancement: cves/2013/CVE-2013-7285.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-12 15:45:23 -04:00
parent 351deb95fd
commit 71a803e856
1 changed files with 1 additions and 1 deletions

View File

@ -5,7 +5,7 @@ info:
author: pwnhxl author: pwnhxl
severity: critical severity: critical
description: | description: |
Xstream API before 1.4.6 and version 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference: reference:
- http://x-stream.github.io/CVE-2013-7285.html - http://x-stream.github.io/CVE-2013-7285.html
- https://x-stream.github.io/CVE-2013-7285.html - https://x-stream.github.io/CVE-2013-7285.html