GHSA-7hwc-46rm-65jh

Suggest an improvement
Source
https://github.com/advisories/GHSA-7hwc-46rm-65jh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-7hwc-46rm-65jh/GHSA-7hwc-46rm-65jh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7hwc-46rm-65jh
Aliases
Published
2020-06-30T22:48:24Z
Modified
2023-11-01T05:28:31.531220Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of service in XStream
Details

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

References

Affected packages

Maven / com.thoughtworks.xstream:xstream

Package

Name
com.thoughtworks.xstream:xstream
View open source insights on deps.dev
Purl
pkg:maven/com.thoughtworks.xstream/xstream

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.10

Affected versions

0.*

0.1
0.2
0.3
0.5
0.6

1.*

1.0
1.0.1
1.0.2
1.1
1.1.1
1.1.2
1.1.3
1.2
1.2.1
1.2.2
1.3
1.3.1
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9