VYPR
Critical severityNVD Advisory· Published Oct 11, 2018· Updated Sep 16, 2024

CVE-2018-18240

CVE-2018-18240

Description

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ro.pippo:pippo-coreMaven
< 1.12.01.12.0
ro.pippo:pippo-sessionMaven
< 1.12.01.12.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.