4 matches found

Tenable Nessus
added 2022/05/09 12:00 a.m., 20 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : xstream Vulnerability (NS-SA-2022-0007)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xstream packages installed that are affected by a vulnerability: - XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.90349
Exploits: 1 | References: 3
Veracode
added 2021/08/24 6:27 a.m., 42 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

CVSS: 8.5 | AI score: 2.8 | EPSS: 0.83089
Exploits: 2 | References: 16 | Affected Software: 4
OSV
added 2021/03/22 11:29 p.m., 1 view

GHSA-56P8-3FH9-4CVQ XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

Impact: The vulnerability may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. Patches: If you rely on...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00256
Exploits: 0 | References: 17
OSV
added 2020/12/21 4:28 p.m., 0 views

GHSA-4CCH-WXPW-8P28 Server-Side Forgery Request can be activated unmarshalling with XStream

Impact: The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available, only by manipulating the processed input stream. Patches: If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15...

CVSS: 6.3 | AI score: 6.9 | EPSS: 0.9368
Exploits: 4 | References: 15