com.thoughtworks.xstream:xstream vulnerabilities

  • latest version

    1.4.21

  • latest non vulnerable version

  • first published

    19 years ago

  • latest version published

    9 months ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the com.thoughtworks.xstream:xstream package. This does not include vulnerabilities belonging to this package’s dependencies.

    | Severity | Vulnerability | Vulnerable Version |
    |---|---|---|
    | H | Deserialization of Untrusted Data | [,1.4.21) |
    | M | Denial of Service (DoS) | [,1.4.20) |
    | M | Denial of Service (DoS) | [0,1.4.20) |
    | H | Denial of Service (DoS) | [,1.4.19) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | H | Remote Code Execution (RCE) | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | M | Denial of Service (DoS) | [,1.4.18) |
    | H | Deserialization of Untrusted Data | [,1.4.18) |
    | H | Server-Side Request Forgery (SSRF) | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | H | Arbitrary Code Execution | [,1.4.18) |
    | M | Deserialization of Untrusted Data | [,1.4.17) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | H | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Deserialization of Untrusted Data | [,1.4.16) |
    | M | Server-Side Request Forgery (SSRF) | [,1.4.15) |
    | M | Arbitrary File Deletion | [,1.4.15) |
    | H | Deserialization of Untrusted Data | [,1.4.14) |
    | C | Deserialization of Untrusted Data | [1.4.10,1.4.11) |
    | H | Denial of Service (DoS) | [,1.4.10) |
    | M | Insecure XML deserialization | [,1.4.7) [1.4.10,1.4.11) |
    | H | XML External Entity (XXE) Injection | [0.3,1.4.9) |

    Package versions

    46 VERSIONS IN TOTAL
    | version | published | C | H | M | L |
    |---|---|---|---|---|---|
    | 1.4.21 | 7 Nov, 2024 | 0 | 0 | 0 | 0 |
    | 1.4.20 | 23 Dec, 2022 | 0 | 1 | 0 | 0 |
    | 1.4.19 | 29 Jan, 2022 | 0 | 1 | 2 | 0 |
    | 1.4.18 | 22 Aug, 2021 | 0 | 2 | 2 | 0 |
    | 1.4.17 | 14 May, 2021 | 0 | 15 | 3 | 0 |
    | 1.4.16 | 12 Mar, 2021 | 0 | 15 | 4 | 0 |
    | 1.4.15 | 12 Dec, 2020 | 0 | 16 | 14 | 0 |
    | 1.4.14-jdk7 | 15 Nov, 2020 | 0 | 16 | 16 | 0 |
    | 1.4.14-java7 | 24 Nov, 2020 | 0 | 16 | 16 | 0 |
    | 1.4.14 | 15 Nov, 2020 | 0 | 16 | 16 | 0 |

    Columns C, H, M and L give the number of direct vulnerabilities at each severity.