Vulnerabilities > Pippo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-12 | CVE-2019-5442 | XML Entity Expansion vulnerability in Pippo 1.12.0 XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. | 7.5 |
| 2018-12-11 | CVE-2018-20059 | XXE vulnerability in Pippo 1.11.0 jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | 9.8 |
| 2018-10-23 | CVE-2018-18628 | Deserialization of Untrusted Data vulnerability in Pippo 1.11.0 An issue was discovered in Pippo 1.11.0. | 9.8 |
| 2018-10-23 | CVE-2017-18349 | Improper Input Validation vulnerability in multiple products parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | 9.8 |
| 2018-10-11 | CVE-2018-18240 | Deserialization of Untrusted Data vulnerability in Pippo Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. | 9.8 |