CVE-2017-7957
CVSS v3.0
7.5 (High)
CVSS v2.0
5 (Medium)
EPSS
79.30 % (98th)
Affected Products
2
Advisories
5
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
Weaknesses
- CWE-20
- Improper Input Validation
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2017-04-29 19:59:00
(7 years ago) - Updated Date
-
2019-03-26 17:15:49
(5 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...