CVE-2021-21344

Deserialization of Untrusted Data in maven/com.thoughtworks.xstream/xstream

Identifier

CVE-2021-21344

Package Slug

maven/com.thoughtworks.xstream/xstream

Vulnerability

Deserialization of Untrusted Data

Description

XStream is a Java library that serializes objects to XML and back again. A vulnerability in XStream may allow a remote attacker to load and execute arbitrary code from a remote host solely by manipulating the processed input stream.

Affected Versions

All versions before 1.4.16

Solution

Upgrade to version 1.4.16 or above.

Last Modified

2021-03-26
