CVE-2013-7285 vulnerability in Xstreamproject and Other Products
Published on May 15, 2019

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.

Github Repository NVD

Products Associated with CVE-2013-7285

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2013-7285 are published in these products:

Xstreamproject Xstream

X Stream Xstream

Xstream

Oracle Endeca Information Discovery Studio

Apache ActiveMQ

Vulnerable Packages

The following package name and versions may be associated with CVE-2013-7285

Package Manager	Vulnerable Package	Versions	Fixed In
maven	com.thoughtworks.xstream:xstream	< 1.4.15	1.4.15
maven	com.thoughtworks.xstream:xstream	<= 1.4.13	1.4.14-jdk7

Exploit Probability

EPSS

15.05%

Percentile

94.42%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-7285 vulnerability in Xstreamproject and Other ProductsPublished on May 15, 2019

Products Associated with CVE-2013-7285

Vulnerable Packages

Exploit Probability

CVE-2013-7285 vulnerability in Xstreamproject and Other Products
Published on May 15, 2019