Astra Linux - уязвимость в libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available, by manipulating the processed input stream with a Java runtime version 14 to 8. ...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +6127 more potentially affected by CVE-2021-39153 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.17)

com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-39153 Source advisory: OSV:GHSA-2Q8X-2P7F-574V...