ALT Linux Team

Package xstream update in sisyphus on 2019-06-18

ALT-PU-2019-4251-1

Package xstream updated to version 1.4.11.1-alt1_2jpp8 for branch sisyphus in task 232422.

Closed vulnerabilities

Published: 2017-04-29
Modified: 2025-05-23

CVE-2017-7957

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-07-01
Modified: 2025-05-23

GHSA-7hwc-46rm-65jh

Denial of service in XStream

Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top