renfei / cloudflare Goto Github PK
View Code? Open in Web Editor NEWCloudflare API V4 Client for Java, allows you to access every single feature of Cloudflare's API faster and much easier!
License: Apache License 2.0
Cloudflare API V4 Client for Java, allows you to access every single feature of Cloudflare's API faster and much easier!
License: Apache License 2.0
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39140
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-6wf9-jmg9-vxcc
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.19/commons-compress-1.19.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
Publish Date: 2021-07-13
URL: CVE-2021-36090
Base Score Metrics:
Type: Upgrade version
Origin: https://commons.apache.org/proper/commons-compress/security-reports.html
Release Date: 2021-07-13
Fix Resolution: org.apache.commons:commons-compress:1.21
Step up your Open Source Security Game with WhiteSource here
Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.19/commons-compress-1.19.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
Publish Date: 2021-07-13
URL: CVE-2021-35516
Base Score Metrics:
Type: Upgrade version
Origin: https://commons.apache.org/proper/commons-compress/security-reports.html
Release Date: 2021-07-13
Fix Resolution: org.apache.commons:commons-compress:1.21
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39148
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-qrx8-8545-4wg2
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.19/commons-compress-1.19.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
Publish Date: 2021-07-13
URL: CVE-2021-35517
Base Score Metrics:
Type: Upgrade version
Origin: https://commons.apache.org/proper/commons-compress/security-reports.html
Release Date: 2021-07-13
Fix Resolution: org.apache.commons:commons-compress:1.21
Step up your Open Source Security Game with WhiteSource here
Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.19/commons-compress-1.19.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
Publish Date: 2021-07-13
URL: CVE-2021-35515
Base Score Metrics:
Type: Upgrade version
Origin: https://commons.apache.org/proper/commons-compress/security-reports.html
Release Date: 2021-07-13
Fix Resolution: org.apache.commons:commons-compress:1.21
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21343
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-74cv-f58x-f9wf
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39154
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-6w62-hx7r-mw68
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21349
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-f6hm-88x3-mfjv
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21347
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-qpfq-ph7r-qv6f
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21342
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hvv8-336g-rx3m
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
Publish Date: 2021-05-28
URL: CVE-2021-29505
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-7chv-rrw6-w6fc
Release Date: 2021-05-28
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.17
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21351
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hrcp-8f3q-4w2c
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.18.
Publish Date: 2021-08-23
URL: CVE-2021-39150
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hph2-m3g5-xxv4
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21350
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-43gc-mjxg-gvrq
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21345
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hwpc-8xqv-jvj4
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39146
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-p8pq-r894-fm8f
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39153
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39147
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-h7v4-7xg3-hxcc
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39149
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-3ccq-5vw3-2p6x
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39145
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-8jrj-525p-826v
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21348
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-56p8-3fh9-4cvq
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21346
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-4hrm-m67v-5cxr
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21341
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-2p3x-qw9c-25hh
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39144
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-j9h8-phrw-h4fh
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Publish Date: 2021-03-23
URL: CVE-2021-21344
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-59jw-jqf4-3wq3
Release Date: 2021-03-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.16
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39141
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-g5w6-mrj7-75h2
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
Publish Date: 2022-02-01
URL: CVE-2021-43859
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-rmr5-cpv2-vgjf
Release Date: 2021-11-17
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.19
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.18.
Publish Date: 2021-08-23
URL: CVE-2021-39152
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-xw4p-crpj-vjx2
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar
Dependency Hierarchy:
Found in HEAD commit: ed421e530389aad08ec55f64e0298e488863eb72
Found in base branch: master
Apache commons-codec before version “commons-codec-1.13-RC1” is vulnerable to information disclosure due to Improper Input validation.
Publish Date: 2019-05-20
URL: WS-2019-0379
Base Score Metrics:
Type: Upgrade version
Origin: apache/commons-codec@48b6157
Release Date: 2019-05-20
Fix Resolution: commons-codec:commons-codec:1.13
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39139
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-64xx-cq4q-mf44
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
Library home page: http://x-stream.github.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.15/xstream-1.4.15.jar
Dependency Hierarchy:
Found in HEAD commit: e277f2b66fafa1b41ac5b3e3447909848122b5f3
Found in base branch: master
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Publish Date: 2021-08-23
URL: CVE-2021-39151
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hph2-m3g5-xxv4
Release Date: 2021-08-23
Fix Resolution: com.thoughtworks.xstream:xstream:1.4.18
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.