X-Stream Xstream vulnerabilities

CVE-2024-47072 [HIGH] CWE-121 CVE-2024-47072: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to det

CVE-2022-41966 [HIGH] CWE-120 CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote a XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculatio

CVE-2021-43859 [HIGH] CWE-400 Denial of Service by injecting highly recursive collections or maps in XStream Denial of Service by injecting highly recursive collections or maps in XStream XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processe

CVE-2021-39139 [HIGH] CWE-434 CVE-2021-39139: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario c

CVE-2021-39150 [HIGH] CWE-502 CVE-2021-39150: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to

CVE-2021-39154 [HIGH] CWE-434 CVE-2021-39154: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39153 [HIGH] CWE-434 CVE-2021-39153: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is aff

CVE-2021-39151 [HIGH] CWE-434 CVE-2021-39151: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39141 [HIGH] CWE-434 CVE-2021-39141: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39152 [HIGH] CWE-502 CVE-2021-39152: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to

CVE-2021-39146 [HIGH] CWE-434 CVE-2021-39146: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39149 [HIGH] CWE-434 CVE-2021-39149: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39145 [HIGH] CWE-434 CVE-2021-39145: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39147 [HIGH] CWE-434 CVE-2021-39147: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39144 [HIGH] CWE-94 CVE-2021-39144: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist lim

CVE-2021-39148 [HIGH] CWE-434 CVE-2021-39148: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39140 [MEDIUM] CWE-502 CVE-2021-39140: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected,

CVE-2021-29505 [HIGH] CWE-94 CVE-2021-29505: XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream v XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limi

CVE-2021-21346 [MEDIUM] CWE-434 CVE-2021-21346: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security fram

CVE-2021-21351 [MEDIUM] CWE-434 CVE-2021-21351: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework