com.thoughtworks.xstream:xstream@1.4.18 vulnerabilities
-
latest version
1.4.20
-
latest non vulnerable version
-
first published
18 years ago
-
latest version published
a year ago
-
licenses detected
- [1.4.12,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.thoughtworks.xstream:xstream package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can manipulate the processed input stream at unmarshalling time, and replace or inject objects. This can result in a stack overflow calculating a recursive hash set, causing a denial of service. How to fix Denial of Service (DoS)? Upgrade |
[,1.4.20)
|
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again. Affected versions of this package are vulnerable to Denial of Service (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. How to fix Denial of Service (DoS)? Upgrade |
[0,1.4.20)
|
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can manipulate the processed input stream and replace or inject objects, that result in exponential recursively hashcode calculation, How to fix Denial of Service (DoS)? Upgrade |
[,1.4.19)
|