pippo
Web & CMS Pluginsunknown
Top products
Latest CVEs
The 5 most recently published vulnerabilities affecting pippo.
- CVE-2019-5442XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process wil...7.5
- CVE-2018-20059jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.9.8
- CVE-2018-18628An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the objec...9.8
- CVE-2017-18349parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by...9.8
- CVE-2018-18240Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict un...9.8