Security vulnerability

Piotr Bazydło

Aug 20, 2021, 6:18:58 AM
to XStream User
Hi,

Could you please provide me permissions for publication in the XStream Security group, as I would like to report an issue in XStream 1.4.17.

Best regards,
Piotr

Jörg Schaible

Aug 22, 2021, 6:00:48 PM
to XStream User, Piotr Bazydło
Hi Piotr,

On Friday, 20. August 2021, 12:18:58 CEST Piotr Bazydło wrote:
> Hi,
>
> Could you please provide me permissions for publication in the XStream Security
> group, as I would like to report an issue in XStream 1.4.17.

Can you please check this against XStream 1.4.18?

Regards,
Jörg


Piotr Bazydło

Aug 23, 2021, 6:03:05 AM
to Jörg Schaible, XStream User
Hi,

Thanks for the response. Default whitelist solves 2 major issues. I have one more issue which can be exploited in 1.4.18. However, this is a low-severity issue, which is some kind of enumeration/information disclosure issue and does not lead to anything serious like RCE, SSRF or file upload/deletion.

Best regards,
PB

Jörg Schaible

Aug 25, 2021, 2:42:10 PM
to XStream User
Hi,

you should have received a welcome mail from the Security list.

Regards,
Jörg