Описание
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | xstream | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | ||
| Migration Toolkit for Runtimes | xstream | Not affected | ||
| OpenShift Developer Tools and Services | jenkins | Will not fix | ||
| Red Hat AMQ Broker 7 | xstream | Not affected | ||
| Red Hat build of Apache Camel for Spring Boot 3 | xstream | Not affected | ||
| Red Hat build of Apicurio Registry 2 | xstream | Not affected | ||
| Red Hat build of Debezium 1 | xstream | Not affected | ||
| Red Hat build of Quarkus | xstream | Not affected | ||
| Red Hat Data Grid 8 | xstream | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2134289xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
7.5 High
CVSS3
Связанные уязвимости
ubuntu
больше 3 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
nvd
больше 3 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
7.5 High
CVSS3