Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven com.thoughtworks.xstream:xstream Security Advisories

Loading...
High
GSA_kwCzR0hTQS1mOGNjLWc3ajgteHhwbc4AAwqj
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qNTYzLWdyeDQtcGpwds4AAwpk
XStream can cause Denial of Service via stack overflow
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 36.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ybXI1LWNwdjItdmdqZs0n7Q
Denial of Service by injecting highly recursive collections or maps in XStream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0eHgtY3E0cS1tZjQ0
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3Zjktam1nOS12eGNj
XStream can cause a Denial of Service
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1dzYtbXJqNy03NWgy
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5aDgtcGhydy1oNGZo
XStream is vulnerable to a Remote Command Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqcmotNTI1cC04MjZ2
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4cHEtcjg5NC1mbThm
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3djQtN3hnMy1oeGNj
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyeDgtODU0NS00d2cy
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjY3EtNXZ3My0ycDZ4
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4Zm0tNW00Zy14N3hw
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwaDItbTNnNS14eHY0
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3NHAtY3Jwai12angy
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxOHgtMnA3Zi01NzR2
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3NjItaHg3ci1tdzY4
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjaHYtcnJ3Ni13NmZj
XStream is vulnerable to a Remote Command Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2MtbWp4Zy1ndnJx
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cDgtM2ZoOS00Y3Zx
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocm0tbTY3di01Y3hy
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cGMtOHhxdi1qdmo0
XStream is vulnerable to a Remote Command Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5anctanFmNC0zd3Ez
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3YtZjU4eC1mOXdm
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2djgtMzM2Zy1yeDNt
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho
XStream can cause a Denial of Service.
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjY2gtd3hwdy04cDI4
Server-Side Forgery Request can be activated unmarshalling with XStream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdngtN3dyeC00M2Zo
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13MzYtN2M2Yy1xNHEy
XStream can be used for Remote Code Execution
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdod2MtNDZybS02NWpo
Denial of service in XStream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnaDMtOTg3aC13cG13
XML External Entity Injection in XStream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmMjMtOXBmNy0zODhw
Deserialization of Untrusted Data and Code Injection in xstream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1NTQteDIyMi13Z2Y3
Command Injection in Xstream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: about 5 years ago
Statistics
Advisories: 18,946
Packages: 8,441
Repositories: 2
Ecosystems: 12
Filter by Package
org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 com.thoughtworks.xstream:xstream 36 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 org.apache.geode:geode-core 17 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 org.jenkins-ci.plugins:git 12 com.vaadin:flow-server 12 org.bouncycastle:bcprov-jdk15on 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 org.apache.tika:tika-core 11 org.apache.james:james-server 11 org.apache.ranger:ranger 11 org.mortbay.jetty:jetty 11 org.apache.cxf:cxf-core 11 org.jeecgframework.boot:jeecg-boot-common 11 org.apache.commons:commons-compress 11 org.apache.jspwiki:jspwiki-war 11 org.jenkins-ci.plugins:email-ext 11 org.apache.dolphinscheduler:dolphinscheduler 11 org.apache.hadoop:hadoop-common 11 org.apache.tomcat:tomcat-coyote 11 com.xuxueli:xxl-job 11 org.apache.camel:camel-core 11 org.jeecgframework.boot:jeecg-boot-parent 11 org.igniterealtime.openfire:parent 11 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 org.apache.inlong:manager-service 10 io.netty:netty 10 org.xwiki.platform:xwiki-platform-administration-ui 10 org.jboss.netty:netty 10 org.apache.archiva:archiva 9 org.opencrx:opencrx-core-models 9 org.apache.tapestry:tapestry-core 9 org.apache.xmlgraphics:batik 9 org.springframework:spring-web 9 cn.hutool:hutool-core 9 org.apache.hive:hive 9 org.craftercms:crafter-studio 9 org.jenkins-ci.plugins:active-directory 9 io.jenkins:configuration-as-code 9 org.opennms:opennms 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.springframework:spring-webmvc 9 org.jenkins-ci.plugins:config-file-provider 9 org.apache.tomcat:tomcat-catalina 9 org.apache.shiro:shiro-core 9 org.jenkins-ci.plugins:electricflow 9 org.bouncycastle:bcprov-jdk15to18 9 org.graylog2:graylog2-server 8 org.jenkins-ci.plugins:ec2 8 org.opencms:opencms-core 8 org.yaml:snakeyaml 8 org.postgresql:postgresql 8 org.apache.santuario:xmlsec 8 io.jenkins.blueocean:blueocean 8 org.apache.pdfbox:pdfbox 8 org.apache.kylin:kylin 8 com.hazelcast:hazelcast 8 org.apache.hive:hive-exec 8 org.apache.zeppelin:zeppelin 8 org.apache.ambari:ambari 8 mysql:mysql-connector-java 8 org.apache.ozone:ozone-main 8 jquery 8 jquery-rails 8 org.webjars.npm:jquery 8 io.atomix:atomix 7 org.jenkins-ci.plugins:mercurial 7 org.jenkins-ci.plugins:jobConfigHistory 7 org.jenkins-ci.plugins:openshift-deployer 7 org.apache.spark:spark-core_2.11 7 org.apache.activemq:activemq-parent 7 org.jeecgframework.boot:jeecg-boot-base 7 org.silverpeas.core:silverpeas-core-web 7 net.opentsdb:opentsdb 7 org.apache.tika:tika 7 org.owasp.esapi:esapi 7 org.jenkins-ci.plugins:artifactory 7 org.apache.cxf:apache-cxf 7 org.jboss.resteasy:resteasy-client 7 io.dataease:dataease-plugin-common 7 org.owasp.antisamy:antisamy 7 io.jenkins.plugins:miniorange-saml-sp 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 jquery-ui 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.jruby:jruby-stdlib 7 rubygems-update 7 jQuery 7 org.apache.inlong:manager-web 7 org.apache.logging.log4j:log4j-core 7 org.apache.karaf:apache-karaf 7 org.apache.hive:hive-service 7 org.jenkins-ci.plugins:rundeck 7 org.apache.derby:derby 7 io.jenkins.plugins:warnings-ng 7 org.apache.poi:poi 7 org.jenkins-ci.plugins:subversion 7 org.apache.atlas:atlas-common 7 org.apache.linkis:linkis 7 org.csanchez.jenkins.plugins:kubernetes 6 org.apache.pulsar:pulsar-broker 6 org.apache.spark:spark-core_2.10 6 org.opensearch.plugin:opensearch-security 6 hudson.plugins:project-inheritance 6 org.apache.storm:storm-core 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.apache.axis:axis 6 commons-fileupload:commons-fileupload 6 axis:axis 6 org.apache.solr:solr-parent 6 org.jenkins-ci.plugins:azure-vm-agents 6 org.jenkins-ci.plugins:pipeline-maven 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.xwiki.commons:xwiki-commons-xml 6 io.netty:netty-handler 6 com.jflyfox:jflyfox_jfinal 6 org.apache.mesos:mesos 6 io.netty:netty-codec-http 6 org.opencastproject:opencast-kernel 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.apache.struts:struts2-rest-plugin 6 org.apache.syncope:syncope-core 6 org.apache.httpcomponents:httpclient 6 org.apache.shenyu:shenyu-common 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 cn.hutool:hutool-json 6 org.bouncycastle:bcprov-jdk18on 6 tech.powerjob:powerjob 6 org.jenkins-ci.plugins:gitlab-oauth 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.jenkins-ci.plugins:repository-connector 6 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 5 org.jenkins-ci.plugins:junit 5 org.codehaus.jettison:jettison 5 org.infinispan:infinispan-core 5 org.apache.kylin:kylin-server-base 5 org.bouncycastle:bcprov-ext-jdk15on 5 com.vaadin:vaadin-server 5 com.datapipe.jenkins.plugins:hashicorp-vault-plugin 5 org.jenkins-ci.plugins:fortify 5 com.nimbusds:nimbus-jose-jwt 5 org.jenkins-ci.plugins:extended-choice-parameter 5 org.jenkins-ci.plugins:openid 5 com.alibaba:dubbo 5 org.wildfly:wildfly-parent 5 com.ruoyi:ruoyi 5 org.apache.zeppelin:zeppelin-server 5 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 5 org.jenkins-ci.plugins:credentials 5 org.jenkins-ci.plugins:htmlpublisher 5 org.neo4j.procedure:apoc 5 com.mabl.integration.jenkins:mabl-integration 5 org.jenkins-ci.plugins:codedx 5 org.jenkins-ci.plugins:publish-over-ssh 5 io.projectreactor.netty:reactor-netty-http 5 org.jenkins-ci.plugins:sinatra-chef-builder 5 org.biouno:uno-choice 5 xerces:xercesImpl 5 log4j:log4j 5 info.magnolia:magnolia-core 5 org.zenframework.z8.dependencies.commons:log4j-1.2.17 5 org.apache.inlong:manager-dao 5 org.jenkins-ci.plugins:support-core 5 com.coravy.hudson.plugins.github:github 5 struts:struts 5