CVE-2018-18240 – Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilde …

0

Vuln ID: CVE-2018-18240

Published:  2018-10-11  07:29:00Z

Description: Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream’s available protection mechanisms to restrict unmarshalling.

Source: NVD.NIST.GOV