## Critical XStream Vulnerability (CVE-2013-7285) Exposes Systems to Remote Code Execution
A critical severity vulnerability, CVE-2013-7285, has been detected in the XStream library (version 1.4.5 jar). XStream is a widely used Java library for serializing objects to XML and back. The vulnerability affects XStream API versions up to 1.4.6 and version 1.4.10. The core issue is that if the library's security framework has not been explicitly initialized, a remote attacker can execute arbitrary shell commands by manipulating the input stream that the library processes during unmarshaling. This attack vector is not limited to XML; it can be exploited through any supported format, including JSON. The vulnerability was publicly disclosed on May 15, 2019. This specific instance was found in a GitHub repository, in the dependency file `/WebGoat8/pom.xml`. The flaw represents a severe security risk: a vulnerable application that unmarshals untrusted data can be completely compromised.
---
- **Source**: 
- **Sector**: The Network
- **Tags**: xstream, java, xml, json, cve-2013-7285
- **Credibility**: unverified
- **Published**: 2026-03-05 10:29:23
- **ID**: 1820
- **URL**: https://whisperx.ai/en/intel/1820