CVE-2020-26258, CVE-2020-26259: XStream Security Vulnerabilities Alert
Vulnerability Detail
CVE-2020-26258: A Server-Side Request Forgery (SSRF) can be triggered when unmarshalling with XStream, allowing access to data streams from an arbitrary URL that references a resource in an intranet or on the local host.
CVE-2020-26259: XStream is vulnerable to arbitrary file deletion on the local host when unmarshalling, as long as the executing process has sufficient rights.
Affected version
- XStream <=1.4.14
Unaffected version
- XStream 1.4.15
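
One way to check a build against the affected range, as an added example that is not part of the original advisory: the script scans dependency listings (Maven `dependency:tree` output or Gradle-style coordinates) for the `com.thoughtworks.xstream:xstream` artifact and flags versions below 1.4.15. The function names and the sample listing are assumptions of this example, and the sample lines are constructed.

```python
import re

FIXED = (1, 4, 15)  # first unaffected release per the advisory

# Matches group:artifact[:type[:classifier]]:version as printed by
# `mvn dependency:tree`, and the shorter group:artifact:version form.
COORD = re.compile(
    r"com\.thoughtworks\.xstream:xstream:"
    r"(?:[A-Za-z][\w-]*:)*"        # optional packaging/classifier fields
    r"(\d+(?:\.\d+)*)"             # numeric part of the version
    r"(?:[-.][A-Za-z][\w.-]*)?"    # optional qualifier such as -jdk7
)


def is_affected(version):
    """True when the numeric version sorts below the fixed release."""
    return tuple(int(p) for p in version.split(".")) < FIXED


def audit(listing):
    """Return (line_number, version, affected) for each XStream reference."""
    findings = []
    for lineno, line in enumerate(listing.splitlines(), start=1):
        for match in COORD.finditer(line):
            version = match.group(1)
            findings.append((lineno, version, is_affected(version)))
    return findings


# Constructed sample: direct, transitive and already-upgraded references.
SAMPLE = r"""[INFO] com.example:shop:war:2.3.0
[INFO] +- com.thoughtworks.xstream:xstream:jar:1.4.14:compile
[INFO] +- org.example:legacy-report:jar:0.9:compile
[INFO] |  \- com.thoughtworks.xstream:xstream:jar:1.4.11.1:runtime
[INFO] \- com.thoughtworks.xstream:xstream:jar:1.4.15:test
implementation 'com.thoughtworks.xstream:xstream:1.4.7'"""

if __name__ == "__main__":
    for lineno, version, affected in audit(SAMPLE):
        status = "AFFECTED (upgrade to 1.4.15)" if affected else "ok"
        print(f"line {lineno}: xstream {version} -> {status}")
```

Transitive references count as well: a library that pulls in an older XStream exposes the application the same way a direct dependency does.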