xstream vulnerabilities

Known vulnerabilities in the xstream package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Out-of-bounds Write	*
M Resource Exhaustion	*
H Deserialization of Untrusted Data	<0:1.3.1-16.el7_9
H Unrestricted Upload of File with Dangerous Type	<0:1.3.1-16.el7_9
H Unrestricted Upload of File with Dangerous Type	<0:1.3.1-16.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-16.el7_9
H Unrestricted Upload of File with Dangerous Type	<0:1.3.1-16.el7_9
H Unrestricted Upload of File with Dangerous Type	<0:1.3.1-16.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-16.el7_9
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.3.1-16.el7_9
H Unrestricted Upload of File with Dangerous Type	<0:1.3.1-16.el7_9
H Unrestricted Upload of File with Dangerous Type	<0:1.3.1-16.el7_9
H Arbitrary Code Injection	<0:1.3.1-16.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-16.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-16.el7_9
H Unrestricted Upload of File with Dangerous Type	<0:1.3.1-16.el7_9
H Arbitrary Code Injection	<0:1.3.1-14.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-13.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-13.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-13.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-13.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-13.el7_9
H Deserialization of Untrusted Data	<0:1.3.1-12.el7_9
M Deserialization of Untrusted Data	*
M Deserialization of Untrusted Data	*
M Deserialization of Untrusted Data	*
M Deserialization of Untrusted Data	*
M Deserialization of Untrusted Data	*
M Deserialization of Untrusted Data	*
M OS Command Injection	*
M Server-Side Request Forgery (SSRF)	*
M Improper Input Validation	*
M XML External Entity (XXE) Injection	*

Vulnerability

Vulnerable Version

Out-of-bounds Write