Arbitrary Shell Command Execution Vulnerability in Xstream API

Arbitrary Shell Command Execution Vulnerability in Xstream API

CVE-2013-7285 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.

Learn more about our Api Penetration Testing.