CVE-2021-21349

Deserialization of Untrusted Data in maven/com.thoughtworks.xstream/xstream

Identifier

CVE-2021-21349

Package Slug

maven/com.thoughtworks.xstream/xstream

Vulnerability

Deserialization of Untrusted Data

Description

XStream is a Java library that serializes objects to XML and back again. It contains a vulnerability that may allow a remote attacker to request data from internal resources that are not publicly available, solely by manipulating the processed input stream.

Affected Versions

All versions before 1.4.16

Solution

Upgrade to version 1.4.16 or above.

Last Modified

2021-03-26
