Update com.thoughtworks.xstream:xstream to version 1.4.20 to fix CVE-2022-41966

XMLWordPrintable

    • Type: Public Security Vulnerability
    • Resolution: Fixed
    • Priority: Low
    • 4.8.12
    • Affects Version/s: 4.8.12
    • Component/s: None
    • None
    • 5.9
    • CVE-2022-41966

      com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can manipulate the processed input stream at unmarshalling time, and replace or inject objects. 

            Assignee:
            Unassigned
            Reporter:
            Serhii Lisovskyi (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: