CVE-2017-7957
published 2017-04-29
high 7.5 CVSS 3.1
AV:N AC:L PR:N UI:N S:U C:N I:N A:H
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | bamboo_data_center | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxstream-java | < libxstream-java 1.4.9-2 (bookworm) | libxstream-java 1.4.9-2 (bookworm) |
| redhat | fuse | — | — |
| redhat | jboss_middleware | — | — |
| xstream | xstream | <= 1.4.9 | — |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv 7.5 HIGH