VYPR
High severityNVD Advisory· Published Nov 16, 2020· Updated Aug 4, 2024

Remote Code Execution in XStream

CVE-2020-26217

Description

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.thoughtworks.xstream:xstreamMaven
< 1.4.14-java71.4.14-java7

Affected products

36

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.