CVE-2022-22963
- EPSS 94.46%
- Published 01.04.2022 23:15:13
- Last modified 13.03.2025 16:36:53
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access ...
CVE-2021-29505
- EPSS 90.77%
- Published 28.05.2021 21:15:08
- Last modified 30.05.2025 00:15:20
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input str...
CVE-2020-26217
- EPSS 93.01%
- Published 16.11.2020 21:15:12
- Last modified 23.05.2025 16:54:19
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone...