XStream Project: medium-risk vulnerabilities

Each record lists the publication date, CVE identifier, vulnerability title, description, attack vector, attack complexity, affected vendors, CWE classification and risk score.

DATE: 2021-08-23
CVE: CVE-2021-39140
TITLE: Infinite Loop vulnerability in multiple products
DESCRIPTION: XStream is a simple library to serialize objects to XML and back again.
RISK SCORE: 6.3

DATE: 2020-12-16
CVE: CVE-2020-26259
TITLE: OS Command Injection vulnerability in multiple products
DESCRIPTION: XStream is a Java library to serialize objects to XML and back again.
ATTACK VECTOR: network
ATTACK COMPLEXITY: high
VENDORS: xstream-project, debian, fedoraproject
CWE: CWE-78
RISK SCORE: 6.8

DATE: 2017-04-29
CVE: CVE-2017-7957
TITLE: Improper Input Validation vulnerability in multiple products
DESCRIPTION: XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDORS: xstream-project, debian
CWE: CWE-20
RISK SCORE: 5.0

DATE: 2016-05-17
CVE: CVE-2016-3674
TITLE: Information Exposure vulnerability in multiple products
DESCRIPTION: Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDORS: debian, fedoraproject, xstream-project
CWE: CWE-200
RISK SCORE: 5.0