pkg:maven/com.thoughtworks.xstream/xstream
Type: maven
Namespace: com.thoughtworks.xstream
Name: xstream
Known advisories, vulnerabilities and fixes for the com.thoughtworks.xstream/xstream package.
Critical: 2
High: 22
Moderate: 12
Low: 1
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 1.4.16 | | CVE-2021-21341 | MAVEN:GHSA-2P3X-QW9C-25HH | XStream can cause a Denial of Service. | high | 2021-03-22T23:27:51 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21341 | MAVEN:GHSA-2P3X-QW9C-25HH | XStream can cause a Denial of Service. | high | 2021-03-22T23:27:51 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39153 | MAVEN:GHSA-2Q8X-2P7F-574V | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:46:49 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39153 | MAVEN:GHSA-2Q8X-2P7F-574V | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:46:49 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39149 | MAVEN:GHSA-3CCQ-5VW3-2P6X | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:28 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39149 | MAVEN:GHSA-3CCQ-5VW3-2P6X | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:28 (3 years ago) |
Affected | <= 1.4.19 | | | MAVEN:GHSA-3MQ5-FQ9H-GJ7J | Duplicate Advisory: Denial of Service due to parser crash | low | 2022-09-17T00:00:41 (2 years ago) |
Affected | < 1.4.16 | | CVE-2021-21350 | MAVEN:GHSA-43GC-MJXG-GVRQ | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:29:28 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21350 | MAVEN:GHSA-43GC-MJXG-GVRQ | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:29:28 (3 years ago) |
Affected | < 1.4.15 | | CVE-2020-26258 | MAVEN:GHSA-4CCH-WXPW-8P28 | Server-Side Forgery Request can be activated unmarshalling with XStream | high | 2020-12-21T16:28:42 (3 years ago) |
Fixed | = 1.4.15 | | CVE-2020-26258 | MAVEN:GHSA-4CCH-WXPW-8P28 | Server-Side Forgery Request can be activated unmarshalling with XStream | high | 2020-12-21T16:28:42 (3 years ago) |
Affected | < 1.4.16 | | CVE-2021-21346 | MAVEN:GHSA-4HRM-M67V-5CXR | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:28:49 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21346 | MAVEN:GHSA-4HRM-M67V-5CXR | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:28:49 (3 years ago) |
Affected | < 1.4.16 | | CVE-2021-21348 | MAVEN:GHSA-56P8-3FH9-4CVQ | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) | moderate | 2021-03-22T23:29:09 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21348 | MAVEN:GHSA-56P8-3FH9-4CVQ | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) | moderate | 2021-03-22T23:29:09 (3 years ago) |
Affected | < 1.4.16 | | CVE-2021-21344 | MAVEN:GHSA-59JW-JQF4-3WQ3 | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:28:23 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21344 | MAVEN:GHSA-59JW-JQF4-3WQ3 | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:28:23 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39139 | MAVEN:GHSA-64XX-CQ4Q-MF44 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:48:47 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39139 | MAVEN:GHSA-64XX-CQ4Q-MF44 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:48:47 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39154 | MAVEN:GHSA-6W62-HX7R-MW68 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:46:38 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39154 | MAVEN:GHSA-6W62-HX7R-MW68 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:46:38 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39140 | MAVEN:GHSA-6WF9-JMG9-VXCC | XStream can cause a Denial of Service | moderate | 2021-08-25T14:48:39 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39140 | MAVEN:GHSA-6WF9-JMG9-VXCC | XStream can cause a Denial of Service | moderate | 2021-08-25T14:48:39 (3 years ago) |
Affected | < 1.4.16 | | CVE-2021-21343 | MAVEN:GHSA-74CV-F58X-F9WF | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights | moderate | 2021-03-22T23:28:13 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21343 | MAVEN:GHSA-74CV-F58X-F9WF | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights | moderate | 2021-03-22T23:28:13 (3 years ago) |
Affected | < 1.4.17 | | CVE-2021-29505 | MAVEN:GHSA-7CHV-RRW6-W6FC | XStream is vulnerable to a Remote Command Execution attack | high | 2021-05-18T18:36:27 (3 years ago) |
Fixed | = 1.4.17 | | CVE-2021-29505 | MAVEN:GHSA-7CHV-RRW6-W6FC | XStream is vulnerable to a Remote Command Execution attack | high | 2021-05-18T18:36:27 (3 years ago) |
Affected | < 1.4.10 | | CVE-2017-7957 | MAVEN:GHSA-7HWC-46RM-65JH | Denial of service in XStream | high | 2020-06-30T22:48:24 (4 years ago) |
Fixed | = 1.4.10 | | CVE-2017-7957 | MAVEN:GHSA-7HWC-46RM-65JH | Denial of service in XStream | high | 2020-06-30T22:48:24 (4 years ago) |
Affected | < 1.4.18 | | CVE-2021-39145 | MAVEN:GHSA-8JRJ-525P-826V | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:48:12 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39145 | MAVEN:GHSA-8JRJ-525P-826V | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:48:12 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39150 | MAVEN:GHSA-CXFM-5M4G-X7XP | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | high | 2021-08-25T14:47:19 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39150 | MAVEN:GHSA-CXFM-5M4G-X7XP | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | high | 2021-08-25T14:47:19 (3 years ago) |
Affected | = 1.4.10 < 1.4.7 | | CVE-2013-7285 | MAVEN:GHSA-F554-X222-WGF7 | Command Injection in Xstream | critical | 2019-05-29T18:05:03 (5 years ago) |
Fixed | = 1.4.11 = 1.4.7 | | CVE-2013-7285 | MAVEN:GHSA-F554-X222-WGF7 | Command Injection in Xstream | critical | 2019-05-29T18:05:03 (5 years ago) |
Affected | < 1.4.16 | | CVE-2021-21349 | MAVEN:GHSA-F6HM-88X3-MFJV | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | moderate | 2021-03-22T23:29:19 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21349 | MAVEN:GHSA-F6HM-88X3-MFJV | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | moderate | 2021-03-22T23:29:19 (3 years ago) |
Affected | < 1.4.20 | | CVE-2022-40151 | MAVEN:GHSA-F8CC-G7J8-XXPM | XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow | high | 2022-12-30T16:58:39 (20 months ago) |
Fixed | = 1.4.20 | | CVE-2022-40151 | MAVEN:GHSA-F8CC-G7J8-XXPM | XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow | high | 2022-12-30T16:58:39 (20 months ago) |
Affected | < 1.4.18 | | CVE-2021-39141 | MAVEN:GHSA-G5W6-MRJ7-75H2 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:48:31 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39141 | MAVEN:GHSA-G5W6-MRJ7-75H2 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:48:31 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39147 | MAVEN:GHSA-H7V4-7XG3-HXCC | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:46 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39147 | MAVEN:GHSA-H7V4-7XG3-HXCC | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:46 (3 years ago) |
Affected | <= 1.4.10 | | CVE-2019-10173 | MAVEN:GHSA-HF23-9PF7-388P | Deserialization of Untrusted Data and Code Injection in xstream | critical | 2019-07-26T16:09:47 (5 years ago) |
Fixed | = 1.4.11 | | CVE-2019-10173 | MAVEN:GHSA-HF23-9PF7-388P | Deserialization of Untrusted Data and Code Injection in xstream | critical | 2019-07-26T16:09:47 (5 years ago) |
Affected | < 1.4.18 | | CVE-2021-39151 | MAVEN:GHSA-HPH2-M3G5-XXV4 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:09 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39151 | MAVEN:GHSA-HPH2-M3G5-XXV4 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:09 (3 years ago) |
Affected | < 1.4.16 | | CVE-2021-21351 | MAVEN:GHSA-HRCP-8F3Q-4W2C | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:29:37 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21351 | MAVEN:GHSA-HRCP-8F3Q-4W2C | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:29:37 (3 years ago) |
Affected | < 1.4.16 | | CVE-2021-21342 | MAVEN:GHSA-HVV8-336G-RX3M | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | moderate | 2021-03-22T23:28:01 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21342 | MAVEN:GHSA-HVV8-336G-RX3M | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | moderate | 2021-03-22T23:28:01 (3 years ago) |
Affected | < 1.4.16 | | CVE-2021-21345 | MAVEN:GHSA-HWPC-8XQV-JVJ4 | XStream is vulnerable to a Remote Command Execution attack | moderate | 2021-03-22T23:28:38 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21345 | MAVEN:GHSA-HWPC-8XQV-JVJ4 | XStream is vulnerable to a Remote Command Execution attack | moderate | 2021-03-22T23:28:38 (3 years ago) |
Affected | < 1.4.20 | | CVE-2022-41966 | MAVEN:GHSA-J563-GRX4-PJPV | XStream can cause Denial of Service via stack overflow | high | 2022-12-29T01:48:08 (20 months ago) |
Fixed | = 1.4.20 | | CVE-2022-41966 | MAVEN:GHSA-J563-GRX4-PJPV | XStream can cause Denial of Service via stack overflow | high | 2022-12-29T01:48:08 (20 months ago) |
Affected | < 1.4.18 | | CVE-2021-39144 | MAVEN:GHSA-J9H8-PHRW-H4FH | XStream is vulnerable to a Remote Command Execution attack | high | 2021-08-25T14:48:19 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39144 | MAVEN:GHSA-J9H8-PHRW-H4FH | XStream is vulnerable to a Remote Command Execution attack | high | 2021-08-25T14:48:19 (3 years ago) |
Affected | < 1.4.15 | | CVE-2020-26259 | MAVEN:GHSA-JFVX-7WRX-43FH | XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling | moderate | 2020-12-21T16:28:26 (3 years ago) |
Fixed | = 1.4.15 | | CVE-2020-26259 | MAVEN:GHSA-JFVX-7WRX-43FH | XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling | moderate | 2020-12-21T16:28:26 (3 years ago) |
Affected | <= 1.4.13 | | CVE-2020-26217 | MAVEN:GHSA-MW36-7C6C-Q4Q2 | XStream can be used for Remote Code Execution | high | 2020-11-16T20:07:59 (3 years ago) |
Fixed | = 1.4.14-jdk7 | | CVE-2020-26217 | MAVEN:GHSA-MW36-7C6C-Q4Q2 | XStream can be used for Remote Code Execution | high | 2020-11-16T20:07:59 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39146 | MAVEN:GHSA-P8PQ-R894-FM8F | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:57 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39146 | MAVEN:GHSA-P8PQ-R894-FM8F | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:57 (3 years ago) |
Affected | < 1.4.16 | | CVE-2021-21347 | MAVEN:GHSA-QPFQ-PH7R-QV6F | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:29:00 (3 years ago) |
Fixed | = 1.4.16 | | CVE-2021-21347 | MAVEN:GHSA-QPFQ-PH7R-QV6F | XStream is vulnerable to an Arbitrary Code Execution attack | moderate | 2021-03-22T23:29:00 (3 years ago) |
Affected | < 1.4.18 | | CVE-2021-39148 | MAVEN:GHSA-QRX8-8545-4WG2 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:38 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39148 | MAVEN:GHSA-QRX8-8545-4WG2 | XStream is vulnerable to an Arbitrary Code Execution attack | high | 2021-08-25T14:47:38 (3 years ago) |
Affected | < 1.4.9 | | CVE-2016-3674 | MAVEN:GHSA-RGH3-987H-WPMW | XML External Entity Injection in XStream | high | 2020-06-30T22:48:14 (4 years ago) |
Fixed | = 1.4.9 | | CVE-2016-3674 | MAVEN:GHSA-RGH3-987H-WPMW | XML External Entity Injection in XStream | high | 2020-06-30T22:48:14 (4 years ago) |
Affected | < 1.4.19 | | CVE-2021-43859 | MAVEN:GHSA-RMR5-CPV2-VGJF | Denial of Service by injecting highly recursive collections or maps in XStream | high | 2022-02-01T00:48:15 (2 years ago) |
Fixed | = 1.4.19 | | CVE-2021-43859 | MAVEN:GHSA-RMR5-CPV2-VGJF | Denial of Service by injecting highly recursive collections or maps in XStream | high | 2022-02-01T00:48:15 (2 years ago) |
Affected | < 1.4.18 | | CVE-2021-39152 | MAVEN:GHSA-XW4P-CRPJ-VJX2 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | high | 2021-08-25T14:46:59 (3 years ago) |
Fixed | = 1.4.18 | | CVE-2021-39152 | MAVEN:GHSA-XW4P-CRPJ-VJX2 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | high | 2021-08-25T14:46:59 (3 years ago) |