Skip to main content

Pippo

4 CVEs product

Monthly

CVE-2019-5442 Maven HIGH POC This Week

XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pippo
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-20059 Maven CRITICAL POC PATCH Act Now

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Pippo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18628 Maven CRITICAL POC PATCH Act Now

An issue was discovered in Pippo 1.11.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Pippo
NVD GitHub
CVSS 3.0
9.8
EPSS
5.5%
CVE-2018-18240 Maven CRITICAL POC PATCH Act Now

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Pippo
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
EPSS 1% CVSS 7.5
HIGH POC This Week

XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pippo
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Pippo
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Pippo 1.11.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Pippo
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Pippo
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy