Описание
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.
Ссылки
- Mailing ListThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkPermissions Required
- Mailing ListThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkPermissions Required
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
XStream through 1.4.9, when a certain denyTypes workaround is not used ...
EPSS
7.5 High
CVSS3
5 Medium
CVSS2