CVE-2020-26217

Description

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

NVD
Severity: HIGH
CVE ID: CVE-2020-26217
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

GitHub, Inc.
Severity: HIGH
CVE ID: CVE-2020-26217
CVSS Score: 8.0
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-26217

Refrence: Project Discovery GitHub

novysodope

CVE-2020-26217 XStream RCE POC

Refrence: GitHub

Al1ex

CVE-2020-26217 && XStream RCE

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept