pkg:Maven/com.thoughtworks.xstream:xstream

37 total CVEsCRITICAL2HIGH22MEDIUM13

✅ Check your installed version

All known vulnerabilities

  • HIGH8.5CVE-2021-39144⚠ KEVXStream is vulnerable to a Remote Command Execution attack
    from 0, < 1.4.18
  • CRITICAL9.8CVE-2019-10173Deserialization of Untrusted Data and Code Injection in xstream
    >= 1.4.10, < 1.4.11
  • CRITICAL9.8CVE-2013-7285Command Injection in Xstream
    from 0, < 1.4.7
  • HIGH8.5CVE-2021-39139XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39141XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39145XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39146XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39147XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39148XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39149XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39150A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39151XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39152A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39153XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.5CVE-2021-39154XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.18
  • HIGH8.2CVE-2022-41966libxstream-java - security update
    from 0, < 1.4.20
  • HIGH8.0CVE-2020-26217XStream can be used for Remote Code Execution
    from 0, < 1.4.14-java7
  • HIGH7.5CVE-2024-47072XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
    from 0, < 1.4.21
  • HIGH7.5CVE-2022-40151XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
    from 0, < 1.4.20
  • HIGH7.5CVE-2021-43859Denial of Service by injecting highly recursive collections or maps in XStream
    from 0, < 1.4.19
  • HIGH7.5CVE-2021-29505XStream is vulnerable to a Remote Command Execution attack
    from 0, < 1.4.17
  • HIGH7.5CVE-2021-21341XStream can cause a Denial of Service.
    from 0, < 1.4.16
  • HIGH7.5CVE-2017-7957libxstream-java - security update
    from 0, < 1.4.10
  • HIGH7.5CVE-2016-3674libxstream-java - security update
    from 0, < 1.4.9
  • MEDIUM6.8CVE-2020-26259XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling
    from 0, < 1.4.15
  • MEDIUM6.5CVE-2021-39140XStream can cause a Denial of Service
    from 0, < 1.4.18
  • MEDIUM6.3CVE-2020-26258Server-Side Forgery Request can be activated unmarshalling with XStream
    from 0, < 1.4.15
  • MEDIUM6.1CVE-2021-21349A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
    from 0, < 1.4.16
  • MEDIUM6.1CVE-2021-21347XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.16
  • MEDIUM6.1CVE-2021-21346XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.16
  • MEDIUM5.8CVE-2021-21345XStream is vulnerable to a Remote Command Execution attack
    from 0, < 1.4.16
  • MEDIUM5.4CVE-2021-21351XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.16
  • MEDIUM5.3CVE-2021-21350XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.16
  • MEDIUM5.3CVE-2021-21348XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
    from 0, < 1.4.16
  • MEDIUM5.3CVE-2021-21344XStream is vulnerable to an Arbitrary Code Execution attack
    from 0, < 1.4.16
  • MEDIUM5.3CVE-2021-21343XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
    from 0, < 1.4.16
  • MEDIUM5.3CVE-2021-21342A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
    from 0, < 1.4.16