7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
xstream is vulnerable to denial of service. The vulnerability exists due to the improper serialization of XML data in the processConverterAnnotations
function in AnnotationMapper.java
which allows an attacker to cause an application crash by providing malicious input through the parser.
CPE | Name | Operator | Version |
---|---|---|---|
xstream core | le | 1.4.19 | |
xstream core | le | 1.4.19 |