com.thoughtworks.xstream:xstream 1.4.19 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.thoughtworks.xstream:xstream package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to a manipulated binary input stream. An attacker can terminate the application with a stack overflow error resulting in a denial of service by manipulating the processed input stream when configured to use the `BinaryStreamDriver`. How to fix Deserialization of Untrusted Data? Upgrade `com.thoughtworks.xstream:xstream` to version 1.4.21 or higher.	[,1.4.21)
M Denial of Service (DoS) com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can manipulate the processed input stream at unmarshalling time, and replace or inject objects. This can result in a stack overflow calculating a recursive hash set, causing a denial of service. How to fix Denial of Service (DoS)? Upgrade `com.thoughtworks.xstream:xstream` to version 1.4.20 or higher.	[,1.4.20)
M Denial of Service (DoS) com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again. Affected versions of this package are vulnerable to Denial of Service (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. How to fix Denial of Service (DoS)? Upgrade `com.thoughtworks.xstream:xstream` to version 1.4.20 or higher.	[0,1.4.20)

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to a manipulated binary input stream. An attacker can terminate the application with a stack overflow error resulting in a denial of service by manipulating the processed input stream when configured to use the BinaryStreamDriver.

How to fix Deserialization of Untrusted Data?

Upgrade com.thoughtworks.xstream:xstream to version 1.4.21 or higher.

[,1.4.21)

Denial of Service (DoS)

com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can manipulate the processed input stream at unmarshalling time, and replace or inject objects. This can result in a stack overflow calculating a recursive hash set, causing a denial of service.

How to fix Denial of Service (DoS)?

Upgrade com.thoughtworks.xstream:xstream to version 1.4.20 or higher.

[,1.4.20)

Denial of Service (DoS)

com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.

Affected versions of this package are vulnerable to Denial of Service (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

How to fix Denial of Service (DoS)?

Upgrade com.thoughtworks.xstream:xstream to version 1.4.20 or higher.

[0,1.4.20)

com.thoughtworks.xstream:xstream@1.4.19 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?