CVE-2021-21345

Deserialization of Untrusted Data in maven/com.thoughtworks.xstream/xstream

Identifier

CVE-2021-21345

Package Slug

maven/com.thoughtworks.xstream/xstream

Vulnerability

Deserialization of Untrusted Data

Description

XStream is a Java library that serializes objects to XML and back again. A vulnerability in XStream may allow a remote attacker who has sufficient rights to execute commands on the host solely by manipulating the processed input stream.

Affected Versions

All versions before 1.4.16

Solution

Upgrade to version 1.4.16 or above.

Last Modified

2021-03-26
