justind1995
commented
1 year ago Great catch, this is a duplicate of https://github.com/sonatype-nexus-community/codetocloud-workshop/issues/56
Open AJWood515 opened 1 year ago
justind1995
commented
1 year ago Great catch, this is a duplicate of https://github.com/sonatype-nexus-community/codetocloud-workshop/issues/56
Summary
XStream does not provide security checks when creating Java objects. When untrusted data is processed, an attacker can provide crafted data that allows arbitrary code execution resulting in access to the host system that is only limited by the privileges of the running application.
Details
The application is vulnerable by using this component as it is outdated.
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
Impact
High vulnerability that could potential impact everyone company wide