pkg:maven/com.thoughtworks.xstream/xstream

Type: maven
Namespace: com.thoughtworks.xstream
Name: xstream

Known advisories, vulnerabilities and fixes for com.thoughtworks.xstream/xstream package.

Repository: https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream

Critical: 2
High: 22
Moderate: 12
Low: 1

Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected < 1.4.16 CVE-2021-21341
maven MAVEN:GHSA-2P3X-QW9C-25HH XStream can cause a Denial of Service. high 2021-03-22T23:27:51
(3 years ago)
Fixed = 1.4.16 CVE-2021-21341
maven MAVEN:GHSA-2P3X-QW9C-25HH XStream can cause a Denial of Service. high 2021-03-22T23:27:51
(3 years ago)
Affected < 1.4.18 CVE-2021-39153
maven MAVEN:GHSA-2Q8X-2P7F-574V XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:46:49
(3 years ago)
Fixed = 1.4.18 CVE-2021-39153
maven MAVEN:GHSA-2Q8X-2P7F-574V XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:46:49
(3 years ago)
Affected < 1.4.18 CVE-2021-39149
maven MAVEN:GHSA-3CCQ-5VW3-2P6X XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:28
(3 years ago)
Fixed = 1.4.18 CVE-2021-39149
maven MAVEN:GHSA-3CCQ-5VW3-2P6X XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:28
(3 years ago)
Affected <= 1.4.19 maven MAVEN:GHSA-3MQ5-FQ9H-GJ7J Duplicate Advisory: Denial of Service due to parser crash low 2022-09-17T00:00:41
(2 years ago)
Affected < 1.4.16 CVE-2021-21350
maven MAVEN:GHSA-43GC-MJXG-GVRQ XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:29:28
(3 years ago)
Fixed = 1.4.16 CVE-2021-21350
maven MAVEN:GHSA-43GC-MJXG-GVRQ XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:29:28
(3 years ago)
Affected < 1.4.15 CVE-2020-26258
maven MAVEN:GHSA-4CCH-WXPW-8P28 Server-Side Forgery Request can be activated unmarshalling with XStream high 2020-12-21T16:28:42
(3 years ago)
Fixed = 1.4.15 CVE-2020-26258
maven MAVEN:GHSA-4CCH-WXPW-8P28 Server-Side Forgery Request can be activated unmarshalling with XStream high 2020-12-21T16:28:42
(3 years ago)
Affected < 1.4.16 CVE-2021-21346
maven MAVEN:GHSA-4HRM-M67V-5CXR XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:28:49
(3 years ago)
Fixed = 1.4.16 CVE-2021-21346
maven MAVEN:GHSA-4HRM-M67V-5CXR XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:28:49
(3 years ago)
Affected < 1.4.16 CVE-2021-21348
maven MAVEN:GHSA-56P8-3FH9-4CVQ XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) moderate 2021-03-22T23:29:09
(3 years ago)
Fixed = 1.4.16 CVE-2021-21348
maven MAVEN:GHSA-56P8-3FH9-4CVQ XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) moderate 2021-03-22T23:29:09
(3 years ago)
Affected < 1.4.16 CVE-2021-21344
maven MAVEN:GHSA-59JW-JQF4-3WQ3 XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:28:23
(3 years ago)
Fixed = 1.4.16 CVE-2021-21344
maven MAVEN:GHSA-59JW-JQF4-3WQ3 XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:28:23
(3 years ago)
Affected < 1.4.18 CVE-2021-39139
maven MAVEN:GHSA-64XX-CQ4Q-MF44 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:48:47
(3 years ago)
Fixed = 1.4.18 CVE-2021-39139
maven MAVEN:GHSA-64XX-CQ4Q-MF44 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:48:47
(3 years ago)
Affected < 1.4.18 CVE-2021-39154
maven MAVEN:GHSA-6W62-HX7R-MW68 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:46:38
(3 years ago)
Fixed = 1.4.18 CVE-2021-39154
maven MAVEN:GHSA-6W62-HX7R-MW68 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:46:38
(3 years ago)
Affected < 1.4.18 CVE-2021-39140
maven MAVEN:GHSA-6WF9-JMG9-VXCC XStream can cause a Denial of Service moderate 2021-08-25T14:48:39
(3 years ago)
Fixed = 1.4.18 CVE-2021-39140
maven MAVEN:GHSA-6WF9-JMG9-VXCC XStream can cause a Denial of Service moderate 2021-08-25T14:48:39
(3 years ago)
Affected < 1.4.16 CVE-2021-21343
maven MAVEN:GHSA-74CV-F58X-F9WF XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights moderate 2021-03-22T23:28:13
(3 years ago)
Fixed = 1.4.16 CVE-2021-21343
maven MAVEN:GHSA-74CV-F58X-F9WF XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights moderate 2021-03-22T23:28:13
(3 years ago)
Affected < 1.4.17 CVE-2021-29505
maven MAVEN:GHSA-7CHV-RRW6-W6FC XStream is vulnerable to a Remote Command Execution attack high 2021-05-18T18:36:27
(3 years ago)
Fixed = 1.4.17 CVE-2021-29505
maven MAVEN:GHSA-7CHV-RRW6-W6FC XStream is vulnerable to a Remote Command Execution attack high 2021-05-18T18:36:27
(3 years ago)
Affected < 1.4.10 CVE-2017-7957
maven MAVEN:GHSA-7HWC-46RM-65JH Denial of service in XStream high 2020-06-30T22:48:24
(4 years ago)
Fixed = 1.4.10 CVE-2017-7957
maven MAVEN:GHSA-7HWC-46RM-65JH Denial of service in XStream high 2020-06-30T22:48:24
(4 years ago)
Affected < 1.4.18 CVE-2021-39145
maven MAVEN:GHSA-8JRJ-525P-826V XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:48:12
(3 years ago)
Fixed = 1.4.18 CVE-2021-39145
maven MAVEN:GHSA-8JRJ-525P-826V XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:48:12
(3 years ago)
Affected < 1.4.18 CVE-2021-39150
maven MAVEN:GHSA-CXFM-5M4G-X7XP A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host high 2021-08-25T14:47:19
(3 years ago)
Fixed = 1.4.18 CVE-2021-39150
maven MAVEN:GHSA-CXFM-5M4G-X7XP A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host high 2021-08-25T14:47:19
(3 years ago)
Affected = 1.4.10 < 1.4.7 CVE-2013-7285
maven MAVEN:GHSA-F554-X222-WGF7 Command Injection in Xstream critical 2019-05-29T18:05:03
(5 years ago)
Fixed = 1.4.11 = 1.4.7 CVE-2013-7285
maven MAVEN:GHSA-F554-X222-WGF7 Command Injection in Xstream critical 2019-05-29T18:05:03
(5 years ago)
Affected < 1.4.16 CVE-2021-21349
maven MAVEN:GHSA-F6HM-88X3-MFJV A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host moderate 2021-03-22T23:29:19
(3 years ago)
Fixed = 1.4.16 CVE-2021-21349
maven MAVEN:GHSA-F6HM-88X3-MFJV A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host moderate 2021-03-22T23:29:19
(3 years ago)
Affected < 1.4.20 CVE-2022-40151
maven MAVEN:GHSA-F8CC-G7J8-XXPM XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow high 2022-12-30T16:58:39
(20 months ago)
Fixed = 1.4.20 CVE-2022-40151
maven MAVEN:GHSA-F8CC-G7J8-XXPM XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow high 2022-12-30T16:58:39
(20 months ago)
Affected < 1.4.18 CVE-2021-39141
maven MAVEN:GHSA-G5W6-MRJ7-75H2 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:48:31
(3 years ago)
Fixed = 1.4.18 CVE-2021-39141
maven MAVEN:GHSA-G5W6-MRJ7-75H2 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:48:31
(3 years ago)
Affected < 1.4.18 CVE-2021-39147
maven MAVEN:GHSA-H7V4-7XG3-HXCC XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:46
(3 years ago)
Fixed = 1.4.18 CVE-2021-39147
maven MAVEN:GHSA-H7V4-7XG3-HXCC XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:46
(3 years ago)
Affected <= 1.4.10 CVE-2019-10173
maven MAVEN:GHSA-HF23-9PF7-388P Deserialization of Untrusted Data and Code Injection in xstream critical 2019-07-26T16:09:47
(5 years ago)
Fixed = 1.4.11 CVE-2019-10173
maven MAVEN:GHSA-HF23-9PF7-388P Deserialization of Untrusted Data and Code Injection in xstream critical 2019-07-26T16:09:47
(5 years ago)
Affected < 1.4.18 CVE-2021-39151
maven MAVEN:GHSA-HPH2-M3G5-XXV4 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:09
(3 years ago)
Fixed = 1.4.18 CVE-2021-39151
maven MAVEN:GHSA-HPH2-M3G5-XXV4 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:09
(3 years ago)
Affected < 1.4.16 CVE-2021-21351
maven MAVEN:GHSA-HRCP-8F3Q-4W2C XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:29:37
(3 years ago)
Fixed = 1.4.16 CVE-2021-21351
maven MAVEN:GHSA-HRCP-8F3Q-4W2C XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:29:37
(3 years ago)
Affected < 1.4.16 CVE-2021-21342
maven MAVEN:GHSA-HVV8-336G-RX3M A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host moderate 2021-03-22T23:28:01
(3 years ago)
Fixed = 1.4.16 CVE-2021-21342
maven MAVEN:GHSA-HVV8-336G-RX3M A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host moderate 2021-03-22T23:28:01
(3 years ago)
Affected < 1.4.16 CVE-2021-21345
maven MAVEN:GHSA-HWPC-8XQV-JVJ4 XStream is vulnerable to a Remote Command Execution attack moderate 2021-03-22T23:28:38
(3 years ago)
Fixed = 1.4.16 CVE-2021-21345
maven MAVEN:GHSA-HWPC-8XQV-JVJ4 XStream is vulnerable to a Remote Command Execution attack moderate 2021-03-22T23:28:38
(3 years ago)
Affected < 1.4.20 CVE-2022-41966
maven MAVEN:GHSA-J563-GRX4-PJPV XStream can cause Denial of Service via stack overflow high 2022-12-29T01:48:08
(20 months ago)
Fixed = 1.4.20 CVE-2022-41966
maven MAVEN:GHSA-J563-GRX4-PJPV XStream can cause Denial of Service via stack overflow high 2022-12-29T01:48:08
(20 months ago)
Affected < 1.4.18 CVE-2021-39144
maven MAVEN:GHSA-J9H8-PHRW-H4FH XStream is vulnerable to a Remote Command Execution attack high 2021-08-25T14:48:19
(3 years ago)
Fixed = 1.4.18 CVE-2021-39144
maven MAVEN:GHSA-J9H8-PHRW-H4FH XStream is vulnerable to a Remote Command Execution attack high 2021-08-25T14:48:19
(3 years ago)
Affected < 1.4.15 CVE-2020-26259
maven MAVEN:GHSA-JFVX-7WRX-43FH XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling moderate 2020-12-21T16:28:26
(3 years ago)
Fixed = 1.4.15 CVE-2020-26259
maven MAVEN:GHSA-JFVX-7WRX-43FH XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling moderate 2020-12-21T16:28:26
(3 years ago)
Affected <= 1.4.13 CVE-2020-26217
maven MAVEN:GHSA-MW36-7C6C-Q4Q2 XStream can be used for Remote Code Execution high 2020-11-16T20:07:59
(3 years ago)
Fixed = 1.4.14-jdk7 CVE-2020-26217
maven MAVEN:GHSA-MW36-7C6C-Q4Q2 XStream can be used for Remote Code Execution high 2020-11-16T20:07:59
(3 years ago)
Affected < 1.4.18 CVE-2021-39146
maven MAVEN:GHSA-P8PQ-R894-FM8F XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:57
(3 years ago)
Fixed = 1.4.18 CVE-2021-39146
maven MAVEN:GHSA-P8PQ-R894-FM8F XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:57
(3 years ago)
Affected < 1.4.16 CVE-2021-21347
maven MAVEN:GHSA-QPFQ-PH7R-QV6F XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:29:00
(3 years ago)
Fixed = 1.4.16 CVE-2021-21347
maven MAVEN:GHSA-QPFQ-PH7R-QV6F XStream is vulnerable to an Arbitrary Code Execution attack moderate 2021-03-22T23:29:00
(3 years ago)
Affected < 1.4.18 CVE-2021-39148
maven MAVEN:GHSA-QRX8-8545-4WG2 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:38
(3 years ago)
Fixed = 1.4.18 CVE-2021-39148
maven MAVEN:GHSA-QRX8-8545-4WG2 XStream is vulnerable to an Arbitrary Code Execution attack high 2021-08-25T14:47:38
(3 years ago)
Affected < 1.4.9 CVE-2016-3674
maven MAVEN:GHSA-RGH3-987H-WPMW XML External Entity Injection in XStream high 2020-06-30T22:48:14
(4 years ago)
Fixed = 1.4.9 CVE-2016-3674
maven MAVEN:GHSA-RGH3-987H-WPMW XML External Entity Injection in XStream high 2020-06-30T22:48:14
(4 years ago)
Affected < 1.4.19 CVE-2021-43859
maven MAVEN:GHSA-RMR5-CPV2-VGJF Denial of Service by injecting highly recursive collections or maps in XStream high 2022-02-01T00:48:15
(2 years ago)
Fixed = 1.4.19 CVE-2021-43859
maven MAVEN:GHSA-RMR5-CPV2-VGJF Denial of Service by injecting highly recursive collections or maps in XStream high 2022-02-01T00:48:15
(2 years ago)
Affected < 1.4.18 CVE-2021-39152
maven MAVEN:GHSA-XW4P-CRPJ-VJX2 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host high 2021-08-25T14:46:59
(3 years ago)
Fixed = 1.4.18 CVE-2021-39152
maven MAVEN:GHSA-XW4P-CRPJ-VJX2 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host high 2021-08-25T14:46:59
(3 years ago)