
128 matches found

RedHat Linux | added 2025/03/04 2:19 p.m. | 3 views

com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application...

CVSS 7.5 | AI score 6.8 | EPSS 0.02015 | Exploits 0 | References 7
F5 Networks | added 2025/02/07 11:26 a.m. | 19 views

K000149708: Java Xtream vulnerabilities CVE-2021-43859 and CVE-2024-47072

Security Advisory Description CVE-2021-43859 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulti...

CVSS 7.5 | AI score 6.7 | EPSS 0.08151 | Exploits 1
IBM Security Bulletins | added 2025/01/10 8:20 a.m. | 15 views

Security Bulletin: Vulnerability in XStream library affects App Connect Professional

Summary There is a vulnerability in the XStream library used by App Connect Professional. App Connect Professional has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in...

CVSS 7.5 | AI score 7.1 | EPSS 0.02015 | Exploits 0 | Affected Software 1
RedHat Linux | added 2024/11/25 4:56 p.m. | 2 views

com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application...

CVSS 7.5 | AI score 6.8 | EPSS 0.02015 | Exploits 0 | References 7
Debian CVE | added 2024/11/07 11:38 p.m. | 16 views

CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 | AI score 6.1 | EPSS 0.02015 | Exploits 0
Gitee | added 2024/05/24 3:43 p.m. | 61 views

Poc

This repository contains a collection of proof-of-concept (PoC) exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...

AI score 7.6 | Exploits 0
The Hacker News | added 2024/05/21 7:13 a.m. | 39 views

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a cas...

CVSS 10 | AI score 9.2 | EPSS 0.99991 | Exploits 61
IBM Security Bulletins | added 2023/09/29 11:47 a.m. | 43 views

Security Bulletin: Vulnerabilities in XStream library affect IBM Engineering Test Management (ETM) (CVE-2022-40151)

Summary This Security Vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID: CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a...

CVSS 7.5 | AI score 6.9 | EPSS 0.00985 | Exploits 1 | Affected Software 1
BDU FSTEC | added 2023/09/14 12:00 a.m. | 2 views

The vulnerability of the XStream library for converting objects to XML or JSON format in the VMware Cloud Foundation virtualization platform arises from a buffer overflow in the stack. This allows an attacker to trigger a service failure.

The vulnerability of the XStream library for converting objects to XML or JSON format in the VMware Cloud Foundation platform is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...

CVSS 7.8 | AI score 6.8 | EPSS 0.08689 | Exploits 1 | References 6 | Affected Software 14
BDU FSTEC | added 2023/09/14 12:00 a.m. | 2 views

The vulnerability of the XStream Java library for converting objects to XML or JSON format is related to stack overflow conditions. This allows an attacker to cause a service failure.

The vulnerability of the XStream library for converting objects to XML or JSON format is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...

CVSS 6.8 | AI score 6.9 | EPSS 0.00985 | Exploits 1 | References 4 | Affected Software 2
SUSE CVE | added 2023/02/15 4:44 a.m. | 4 views

SUSE CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload...

CVSS 7.5 | AI score 9.4 | EPSS 0.07268 | Exploits 0 | References 3
SUSE CVE | added 2023/02/15 3:53 a.m. | 4 views

SUSE CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVSS 4.3 | AI score 7.1 | EPSS 0.81442 | Exploits 4 | References 6
SUSE CVE | added 2023/02/15 3:46 a.m. | 1 view

SUSE CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

CVSS 7.3 | AI score 7.6 | EPSS 0.76512 | Exploits 1 | References 7
SUSE CVE | added 2023/02/15 3:36 a.m. | 2 views

SUSE CVE-2021-43859

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...

CVSS 5.5 | AI score 8.8 | EPSS 0.08151 | Exploits 1 | References 5
vulnersOsv | added 2022/12/30 4:58 p.m. | 4 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +7677 more potentially affected by CVE-2022-40151 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.2)

com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =1.1.0 - be.ordina:microservices-dashboard-server =1.0.1 and more Source cves: CVE-2022-40151 Source...

CVSS 7.5 | AI score 6.6 | EPSS 0.00985 | Exploits 1
Tenable Nessus | added 2022/09/15 12:00 a.m. | 35 views

Atlassian Jira < 8.13.19 / 8.14.x < 8.20.7 / 8.21.x < 8.22.1 RCE (JRASERVER-73582)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is affected by a remote code execution vulnerability. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute...

CVSS 7.2 | AI score 8.3 | EPSS 0.44604 | Exploits 0 | References 2
BDU FSTEC | added 2022/09/05 12:00 a.m. | 1 view

The vulnerability of the XStream Java library for converting objects to XML or JSON format allows a malicious actor to cause a service failure due to uncontrolled resource consumption.

The vulnerability of the XStream library for converting objects into XML or JSON format involves uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause service failures remotely...

CVSS 7.8 | AI score 7.1 | EPSS 0.08151 | Exploits 1 | References 10 | Affected Software 10
NVD | added 2022/08/01 11:15 a.m. | 18 views

CVE-2022-36799

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Templat...

CVSS 7.2 | EPSS 0.44604 | Exploits 0 | References 1
OSV | added 2022/08/01 11:15 a.m. | 3 views

CVE-2022-36799

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Templat...

CVSS 7.2 | AI score 7.4 | EPSS 0.44604 | Exploits 0 | References 1
Prion | added 2022/08/01 11:15 a.m. | 15 views

Design/Logic Flaw

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Templat...

CVSS 5.8 | AI score 7.4 | EPSS 0.44604 | Exploits 0 | References 1 | Affected Software 2