Vulnerabilities > X Stream > Xstream > 1.4.10

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-10173 Code Injection vulnerability in multiple products
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw.
network
low complexity
x-stream oracle CWE-94
critical
9.8
2019-05-15 CVE-2013-7285 OS Command Injection vulnerability in multiple products
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format.
network
low complexity
xstream-project x-stream CWE-78
critical
9.8