Lucene search
K

5 matches found

OSV
OSV
added 2025/12/03 2:35 p.m.3 views

BIT-ACTIVEMQ-2021-21348 XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS6.9AI score0.13832EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.3 views

xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

6.5CVSS7.4AI score0.05918EPSS
Exploits1References5
OSV
OSV
added 2021/09/08 11:3 a.m.3 views

OESA-2021-1337 xstream security update

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

8.8CVSS7.8AI score0.98124EPSS
Exploits16References15
OSV
OSV
added 2021/08/25 2:48 p.m.2 views

GHSA-6WF9-JMG9-VXCC XStream can cause a Denial of Service

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation ...

6.5CVSS7.1AI score0.05918EPSS
Exploits1References13
OSV
OSV
added 2020/12/16 1:15 a.m.4 views

DEBIAN-CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

6.8CVSS6.8AI score0.82392EPSS
Exploits5References1
Rows per page
Query Builder