XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling · Advisory · x-stream/xstream · GitHub
Ptrace Security GmbH on X: "CVE-2020-26258: A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the