Vulnerabilities > Pippo > Pippo > 0.9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-11 | CVE-2018-18240 | Deserialization of Untrusted Data vulnerability in Pippo Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. | 7.5 |