ID | CVE-2017-7957 | ||||||
Sažetak | XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call. | ||||||
Reference |
|
||||||
CVSS |
|
||||||
Pristup |
|
||||||
Impact |
|
||||||
CVSS vektor | AV:N/AC:L/Au:N/C:N/I:N/A:P | ||||||
Zadnje važnije ažuriranje | 26-03-2019 - 17:15 | ||||||
Objavljeno | 29-04-2017 - 19:59 |