Xstream

Xstream

37 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-41966

Exploit
  • EPSS 12%
  • Published 28.12.2022 00:15:14
  • Last modified 23.05.2025 16:51:10

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. T...

7.5

CVE-2022-40152

Exploit
  • EPSS 0.76%
  • Published 16.09.2022 10:15:09
  • Last modified 23.05.2025 16:51:40

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. T...

7.5

CVE-2022-40151

Exploit
  • EPSS 0.25%
  • Published 16.09.2022 10:15:09
  • Last modified 23.05.2025 16:51:48

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a...

7.5

CVE-2021-43859

Exploit
  • EPSS 2.4%
  • Published 01.02.2022 12:15:08
  • Last modified 23.05.2025 16:53:31

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resul...

8.5

CVE-2021-39152

Exploit
  • EPSS 67.83%
  • Published 23.08.2021 19:15:13
  • Last modified 23.05.2025 16:47:47

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed inp...

8.5

CVE-2021-39150

Exploit
  • EPSS 2.31%
  • Published 23.08.2021 19:15:12
  • Last modified 23.05.2025 16:48:02

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed inp...

6.3

CVE-2021-39140

Exploit
  • EPSS 0.12%
  • Published 23.08.2021 19:15:10
  • Last modified 23.05.2025 16:50:34

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload r...

8.5

CVE-2021-39153

Exploit
  • EPSS 0.68%
  • Published 23.08.2021 18:15:13
  • Last modified 23.05.2025 16:50:17

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if usin...

8.5

CVE-2021-39154

Exploit
  • EPSS 0.71%
  • Published 23.08.2021 18:15:13
  • Last modified 23.05.2025 16:47:35

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39151

Exploit
  • EPSS 0.68%
  • Published 23.08.2021 18:15:12
  • Last modified 23.05.2025 16:49:36

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...