Description
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
Scores
CVSS v3: 9.8
EPSS: 0.0276
EPSS Percentile: 86.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-776
Status: published
Products (2):
talend/restlet 2.2 m1 (9 CPE variants)
talend/restlet < 2.1.7
Published: Feb 19, 2020
Tracked Since: Feb 18, 2026