← Back to CVE List

CVE-2018-18240

Published: 2018-10-11T07:29Z
Last Modified: 2024-11-21T03:55Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt