CVE-2013-7285

CVE-2013-7285 PUBLISHED

XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON.

EPSS 18.77% · 95.4th percentile

Affected Products

Vendor | Product | Versions
Ubuntu:14.04:LTS | libxstream-java | 1.4.4-1, 0

Timeline

  • Jan 7, 2016 PoC Published
  • May 15, 2019 CVE Published
  • Jul 18, 2019 CVE Updated
  • Feb 4, 2022 EPSS Score
  • Mar 30, 2023 EPSS Score
  • Jan 10, 2024 EPSS Score
  • Apr 23, 2024 EPSS Score
  • May 26, 2024 EPSS Score
  • Oct 5, 2024 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 23, 2025 EPSS Score