CVE-2021-21351
maven/com.thoughtworks.xstream/xstream
Deserialization of Untrusted Data
XStream is a Java library to serialize objects to XML and back again. XStream contains a vulnerability that may allow a remote attacker to load and execute arbitrary code from a remote host solely by manipulating the processed input stream.
All versions before 1.4.16
Upgrade to version 1.4.16 or above.
2021-03-26