x-stream / xstream

Serialize Java objects to XML and back again.
http://x-stream.github.io

XStream Core latest version 1.4.19 is vulnerable #319

Closed ncteam1990 closed 2 years ago

ncteam1990 commented 2 years ago

Hello Team,

XStream core latest version is vulnerable. It has been reported with the below-mentioned CVEs.

CVE-2022-40156 CVE-2022-40155 CVE-2022-40154 CVE-2022-40153 CVE-2022-40151

Could you please let us know when you are planning to publish a patch for the same? Any expected release date for a non-vulnerable version?

joehni commented 2 years ago

There's only CVE-2022-40151, see #304