CVE-2020-26217
Description
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
NVD
Severity: HIGH
CVE ID: CVE-2020-26217
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub, Inc.
Severity: HIGH
CVE ID: CVE-2020-26217
CVSS Score: 8.0
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2020-26217
Reference: Project Discovery GitHub
novysodope
CVE-2020-26217 XStream RCE POC
Reference: GitHub
Al1ex
CVE-2020-26217 && XStream RCE
Reference: GitHub