Описание
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| bionic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/xenial | released | 1.4.8-1ubuntu0.1 |
| esm-infra-legacy/trusty | released | 1.4.7-1ubuntu0.1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | released | 1.4.7-1ubuntu0.1 |
| trusty/esm | released | 1.4.7-1ubuntu0.1 |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
XStream through 1.4.9, when a certain denyTypes workaround is not used ...
5 Medium
CVSS2
7.5 High
CVSS3