Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-55137

Arbitrary code execution with XStream

    XMLWordPrintable

Details

    Description

      XSteram <= 1.4.6 is vulnerable to arbitrary code execution when deserializing objects.

      Attachments

        Issue Links

          duplicates

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. LPS-53166 Upgrade XStream from 1.4.3 to 1.4.7

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              samuel.kong Samuel Kong
              samuel.kong Samuel Kong
              Felipe Lins Felipe Lins
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                7 years, 50 weeks ago

                Packages

                  Version Package
                  6.2.3 CE GA4