Vulnerabilities > Xstream > Xstream > 1.4.11.1

DATE CVE VULNERABILITY TITLE RISK
2022-12-28 CVE-2022-41966 Uncontrolled Recursion vulnerability in Xstream
XStream serializes Java objects to XML and back again.
network
low complexity
xstream CWE-674
7.5
7.5
2022-09-16 CVE-2022-40151 Out-of-bounds Write vulnerability in Xstream
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
xstream CWE-787
7.5
7.5
2022-09-16 CVE-2022-40152 Out-of-bounds Write vulnerability in multiple products
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled.
network
low complexity
xstream fasterxml CWE-787
7.5
7.5
2022-02-01 CVE-2021-43859 Resource Exhaustion vulnerability in multiple products
XStream is an open source java library to serialize objects to XML and back again. 		7.5
7.5
2021-08-23 CVE-2021-39140 Infinite Loop vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream debian fedoraproject netapp oracle CWE-835
6.3
6.3
2021-08-23 CVE-2021-39150 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-502
8.5
8.5
2021-08-23 CVE-2021-39152 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-502
8.5
8.5
2021-08-23 CVE-2021-39139 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
low complexity
xstream debian fedoraproject netapp oracle CWE-434
8.8
8.8
2021-08-23 CVE-2021-39141 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream debian fedoraproject netapp oracle CWE-434
8.5
8.5
2021-08-23 CVE-2021-39144 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream debian fedoraproject netapp oracle CWE-502
8.5
8.5