CVEs-PoC/2017/CVE-2017-7957.md at ef999830cefac409bd2be04bf317a47573d9dfe5

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Anonymous-Phunter/PHunter
https://github.com/CGCL-codes/PHunter
https://github.com/Whoopsunix/PPPVULNS
https://github.com/dotanuki-labs/android-oss-cves-research
https://github.com/lmarso-asapp/kotlin-unsecure
https://github.com/pkrajanand/xstream_v1_4_11_security_issues
https://github.com/pkrajanand/xstream_v1_4_9_security_issues
https://github.com/x-poc/xstream-poc

1.1 KiB Raw Blame History

CVE-2017-7957

Description

POC

Reference

Github

1.1 KiB

Raw Blame History