Vulnerabilities > X Stream > Xstream > 1.4.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-10173 | Code Injection vulnerability in multiple products It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. | 9.8 |
| 2019-05-15 | CVE-2013-7285 | OS Command Injection vulnerability in multiple products Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. | 9.8 |