CVE
CVE-2013-7285
Command Injection in Xstream
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
Endor Patches
Patch Name
Vulnerabilities fixed
Lines of Code Changed