New Vulnerability detected through Microsoft Defender #643

@chewgun

Hello,

We just saw today (as we installed Greenshot), a vulnerability about Pippo.

Severity level is critical

Summary: Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.

Impact: If a threat were to exploit this vulnerability, they could execute arbitrary code on the system, potentially leading to unauthorized access, data breaches, and further compromise of the affected system.

Remediation: Upgrade to Pippo version 1.11.1 or later.

More details can be found here:
https://nvd.nist.gov/vuln/detail/CVE-2018-18240
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
