com.thoughtworks.xstream:xstream (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.thoughtworks.xstream:xstream, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (37)
CVE-2019-10173 — CVSS 9.8 (critical): It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security…
CVE-2013-7285 — CVSS 9.8 (critical): Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run…
CVE-2021-39141 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39146 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39139 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39147 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39145 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39154 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39153 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39152 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39151 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39150 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39149 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39148 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2022-41966 — CVSS 8.2 (high): XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application…
CVE-2020-26217 — CVSS 8.0 (high): XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell…
CVE-2024-47072 — CVSS 7.5 (high): XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the…
CVE-2016-3674 — CVSS 7.5 (high): Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver…
CVE-2017-7957 — CVSS 7.5 (high): XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type…
CVE-2021-21341 — CVSS 7.5 (high): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may…
CVE-2021-29505 — CVSS 7.5 (high): XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a…
CVE-2021-43859 — CVSS 7.5 (high): XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to…
CVE-2020-26259 — CVSS 6.8 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File…
CVE-2021-39140 — CVSS 6.5 (medium): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2022-40151 — CVSS 6.5 (medium): Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied…
CVE-2020-26258 — CVSS 6.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request…
CVE-2021-21347 — CVSS 6.1 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21346 — CVSS 6.1 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21349 — CVSS 6.1 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21345 — CVSS 5.8 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21351 — CVSS 5.4 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow…
CVE-2021-21342 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the…
CVE-2021-21343 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the…
CVE-2021-21344 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21348 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…
CVE-2021-21350 — CVSS 5.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may…