mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
1.1 KiB
1.1 KiB
CVE-2017-7957
Description
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.
POC
Reference
No PoCs from references.
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Anonymous-Phunter/PHunter
- https://github.com/CGCL-codes/PHunter
- https://github.com/LibHunter/LibHunter
- https://github.com/Whoopsunix/PPPVULNS
- https://github.com/dotanuki-labs/android-oss-cves-research
- https://github.com/lmarso-asapp/kotlin-unsecure
- https://github.com/pkrajanand/xstream_v1_4_11_security_issues
- https://github.com/pkrajanand/xstream_v1_4_9_security_issues
- https://github.com/x-poc/xstream-poc