PT-2018-14983 · Thoughtworks · Xstream
Xqc2000 · Published 2018-11-26 · Updated 2018-12-19
CVE-2018-19530
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HTTL versions through 1.0.11
Description
When HTTL is configured with xml.codec=httl.spi.codecs.XstreamCodec, its decodeXml function hands the XML it receives to XStream. XStream deserializes without any type allow-list here, so it instantiates whatever classes the XML names; an attacker who controls the XML input can therefore have the server instantiate arbitrary classes from its classpath, which leads to remote command execution. The issue needs no authentication or user interaction, hence the 9.8 score.
Recommendations
No fixed release exists for versions through 1.0.11. Until a patch is available, either disable the decodeXml function or do not select the XstreamCodec (xml.codec=httl.spi.codecs.XstreamCodec) setting, and restrict which callers can reach the affected function so that untrusted XML never gets to it.
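The unsafe pattern behind the description above, and the type allow-list that the recommendation's workaround stands in for, as an added illustration. This is example code, not HTTL's XstreamCodec or XStream's own code; the class and method names (XstreamCodecDemo, TemplateData, unsafeDecodeXml, safeDecodeXml) and the sample XML are assumptions made for the demo. It uses only public XStream API: fromXML, alias, allowTypes and the static setupDefaultSecurity (XStream 1.4.10 and later).

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;

// Added example, not HTTL's or XStream's own code. Shows a decodeXml-style
// codec with and without a type allow-list. All names here are assumptions.
public class XstreamCodecDemo {

    // The only type the application ever expects to decode from XML.
    public static class TemplateData {
        public String title;
        public int count;
    }

    // Vulnerable pattern: XStream with no type allow-list will instantiate
    // whatever class the XML names. On XStream releases before 1.4.18 this is
    // the out-of-the-box behaviour; later releases deny by default unless the
    // application turns the security framework off.
    public static Object unsafeDecodeXml(String xml) {
        XStream xstream = new XStream();
        xstream.alias("templateData", TemplateData.class);
        return xstream.fromXML(xml);
    }

    // Hardened form: deny everything first, then allow only the expected type.
    public static Object safeDecodeXml(String xml) {
        XStream xstream = new XStream();
        XStream.setupDefaultSecurity(xstream);          // deny all types by default
        xstream.allowTypes(new Class[] { TemplateData.class });
        xstream.alias("templateData", TemplateData.class);
        return xstream.fromXML(xml);
    }

    public static void main(String[] args) {
        // Constructed sample input: what the application expects to receive.
        String expected = "<templateData><title>hello</title><count>3</count></templateData>";

        // Constructed sample input: a type the application never meant to decode.
        // java.io.File is harmless and is used only to show that an arbitrary
        // class gets instantiated; a real attacker names a gadget class instead.
        String unexpected = "<java.io.File><path>/tmp/x</path></java.io.File>";

        System.out.println("unsafe, expected   -> " + unsafeDecodeXml(expected).getClass().getName());
        System.out.println("unsafe, unexpected -> " + unsafeDecodeXml(unexpected).getClass().getName());
        System.out.println("safe, expected     -> " + safeDecodeXml(expected).getClass().getName());
        try {
            safeDecodeXml(unexpected);
            System.out.println("safe, unexpected   -> NOT rejected (check XStream version)");
        } catch (ForbiddenClassException e) {
            System.out.println("safe, unexpected   -> rejected: " + e.getMessage());
        }
    }
}
```

Run against a pre-1.4.18 XStream the unsafe codec returns a java.io.File for the second input, while the hardened codec throws ForbiddenClassException. The allow-list is what a fix in HTTL would have to add; until then the only option the advisory gives is to keep untrusted XML away from decodeXml or to stop using the XstreamCodec setting.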
Exploit
Fix
RCE
Weakness Enumeration
Related identifiers
Affected products
Httl
Xstream