Updated: 2025-05-27 00:06:56.144605
Description:
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.8 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | mysql | 5.1.73 | 7.5 | HIGH | Not Vulnerable | 2022-02-17 14:40:48 | ||
| CentOS 8.4 ELS | mysql | 8.0.26 | 7.5 | HIGH | Not Vulnerable | 2022-02-17 14:40:48 | ||
| CentOS 8.5 ELS | mysql | 8.0.26 | 7.5 | HIGH | Not Vulnerable | 2022-02-17 14:40:48 | ||
| CloudLinux 6 ELS | mysql | 5.1.73 | 7.5 | HIGH | Not Vulnerable | 2022-02-17 14:40:48 | ||
| Oracle Linux 6 ELS | mysql | 5.1.73 | 7.5 | HIGH | Not Vulnerable | 2022-02-17 14:40:48 | ||
| Ubuntu 16.04 ELS | mysql-5.7 | 5.7.33-0 | 7.5 | HIGH | Not Vulnerable | 2024-08-23 15:03:47 | ||
| Ubuntu 18.04 ELS | mysql-5.7 | 5.7.41-0 | 7.5 | HIGH | Not Vulnerable | 2023-06-28 17:07:04 |