![Dinis Cruz Blog: XStream "Remote Code Execution" exploit on code from "Standard way to serialize and deserialize Objects with XStream" article Dinis Cruz Blog: XStream "Remote Code Execution" exploit on code from "Standard way to serialize and deserialize Objects with XStream" article](http://3.bp.blogspot.com/-cuYNiJExdzM/UrZGeXt1WJI/AAAAAAAAFS0/YHPox9we0dw/s1600/Screen+Shot+2013-12-22+at+01.18.47.png)
Dinis Cruz Blog: XStream "Remote Code Execution" exploit on code from "Standard way to serialize and deserialize Objects with XStream" article
xstream/xstream/src/java/com/thoughtworks/xstream/converters/basic/BigDecimalConverter.java at master · x-stream/xstream · GitHub
![Dinis Cruz Blog: XStream "Remote Code Execution" exploit on code from "Standard way to serialize and deserialize Objects with XStream" article Dinis Cruz Blog: XStream "Remote Code Execution" exploit on code from "Standard way to serialize and deserialize Objects with XStream" article](http://1.bp.blogspot.com/--XV55ajaav8/UrY53k9vgrI/AAAAAAAAFQo/U6SJIptLR1c/s1600/Screen+Shot+2013-12-22+at+00.59.42.png)
Dinis Cruz Blog: XStream "Remote Code Execution" exploit on code from "Standard way to serialize and deserialize Objects with XStream" article
![Amazon.com : Future Way CC1500e Pool Filter Cartridge Replacement for Hayward XStream CC1500, Replace Hayward CCX1500RE, Pleatco PXST150, Unicel C-8316, 150 sq.ft : Patio, Lawn & Garden Amazon.com : Future Way CC1500e Pool Filter Cartridge Replacement for Hayward XStream CC1500, Replace Hayward CCX1500RE, Pleatco PXST150, Unicel C-8316, 150 sq.ft : Patio, Lawn & Garden](https://m.media-amazon.com/images/I/61b2tdNghpL.jpg)
Amazon.com : Future Way CC1500e Pool Filter Cartridge Replacement for Hayward XStream CC1500, Replace Hayward CCX1500RE, Pleatco PXST150, Unicel C-8316, 150 sq.ft : Patio, Lawn & Garden
![How to pass object as string when delivering message to process - Discussion & Questions - Camunda Forum How to pass object as string when delivering message to process - Discussion & Questions - Camunda Forum](https://forum.camunda.io/uploads/default/original/3X/4/f/4f75e7d6787c5a4ccd6af8925e9920d0ab4d0d15.png)
How to pass object as string when delivering message to process - Discussion & Questions - Camunda Forum
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling · Advisory · x-stream/xstream · GitHub
![XOM Serialization and Deserialization using XStream – IBM ODM Rules & More – Akif Patel (Rules Architect) XOM Serialization and Deserialization using XStream – IBM ODM Rules & More – Akif Patel (Rules Architect)](https://odm4rules.files.wordpress.com/2015/09/serialization-10.png?w=809&h=535)