Updated: 2025-05-27 00:42:55.85413
Description:
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability that may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Metric | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 6.5 |
CVSS Version 3.x | CRITICAL | 9.1 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | mysql | 5.1.73 | 9.1 | CRITICAL | Not Vulnerable | | 2022-02-17 14:40:48 | |
CentOS 8.4 ELS | mysql | 8.0.26 | 9.1 | CRITICAL | Not Vulnerable | | 2022-02-17 14:40:48 | |
CentOS 8.5 ELS | mysql | 8.0.26 | 9.1 | CRITICAL | Not Vulnerable | | 2022-02-17 14:40:47 | |
CloudLinux 6 ELS | mysql | 5.1.73 | 9.1 | CRITICAL | Not Vulnerable | | 2022-02-17 14:40:48 | |
Oracle Linux 6 ELS | mysql | 5.1.73 | 9.1 | CRITICAL | Not Vulnerable | | 2022-02-17 14:40:48 | |
Ubuntu 16.04 ELS | mysql-5.7 | 5.7.33-0 | 9.1 | CRITICAL | Not Vulnerable | | 2024-08-23 15:03:46 | |
Ubuntu 18.04 ELS | mysql-5.7 | 5.7.41-0 | 9.1 | CRITICAL | Not Vulnerable | | 2023-05-31 09:00:10 | |