XStream does not provide security checks when creating Java objects. When untrusted data is processed, an attacker can provide crafted data that allows arbitrary code execution resulting in access to the host system that is only limited by the privileges of the running application.
Details
The application is vulnerable because it uses an outdated version of this component.
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
Impact
High-severity vulnerability that could potentially impact everyone company-wide.