1.4.15 +``` + +## 漏洞复现 + +poc: + +``` +import com.thoughtworks.xstream.XStream; + +/* +CVE-2020-26258: A Server-Side Forgery Request can be activated unmarshalling +with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local ...