Maven package
ro.pippo/pippo-session
pkg:maven/ro.pippo/pippo-session
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18240 | — | | | < 1.12.0 | 1.12.0 | Oct 11, 2018 | Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. |