CVE-2021-21347

Unrestricted Upload of File with Dangerous Type in maven/com.thoughtworks.xstream/xstream

Identifier

CVE-2021-21347

Package Slug

maven/com.thoughtworks.xstream/xstream

Vulnerability

Unrestricted Upload of File with Dangerous Type

Description

XStream is a Java library to serialize objects to XML and back again. XStream contains a vulnerability that may allow a remote attacker to load and execute arbitrary code from a remote host solely by manipulating the processed input stream.

Affected Versions

All versions before 1.4.16

Solution

Upgrade to version 1.4.16 or above.

Last Modified

2021-03-26
