CVE-2017-7957

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...

[SECURITY] Fedora 26 Update: xstream-1.4.9-5.fc26

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

CVE-2016-3674

Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...