CVE-2021-21343

Deserialization of Untrusted Data in maven/com.thoughtworks.xstream/xstream

Identifier

CVE-2021-21343

Package Slug

maven/com.thoughtworks.xstream/xstream

Vulnerability

Deserialization of Untrusted Data

Description

XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability where the stream processed at unmarshalling time contains type information used to recreate the formerly written objects. XStream therefore creates new instances based on this type information.

Affected Versions

All versions before 1.4.16

Solution

Upgrade to version 1.4.16 or above.

Last Modified

2021-03-26
