VulnerableCode Package Details - pkg:maven/com.thoughtworks.xstream/xstream@1.4.21

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fcg2-x3s5-wudk	XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream ### Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. ### Patches XStream 1.4.21 detects the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. ### Workarounds The only solution is to catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver. ### References See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2024-47072](https://x-stream.github.io/CVE-2024-47072.html). ### Credits Alexis Challande of Trail Of Bits found and reported the issue to XStream and provided the required information to reproduce it.	CVE-2024-47072 GHSA-hfq9-hggm-c56q

Vulnerability

Summary

Aliases

VCID-fcg2-x3s5-wudk

XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream ### Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. ### Patches XStream 1.4.21 detects the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. ### Workarounds The only solution is to catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver. ### References See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2024-47072](https://x-stream.github.io/CVE-2024-47072.html). ### Credits Alexis Challande of Trail Of Bits found and reported the issue to XStream and provided the required information to reproduce it.

CVE-2024-47072
GHSA-hfq9-hggm-c56q

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:13:41.700192+00:00	GitLab Importer	Fixing	VCID-fcg2-x3s5-wudk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.thoughtworks.xstream/xstream/CVE-2024-47072.yml	38.4.0
2026-04-12T00:32:13.733464+00:00	GitLab Importer	Fixing	VCID-fcg2-x3s5-wudk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.thoughtworks.xstream/xstream/CVE-2024-47072.yml	38.3.0
2026-04-07T04:56:23.091724+00:00	GHSA Importer	Fixing	VCID-fcg2-x3s5-wudk	https://github.com/advisories/GHSA-hfq9-hggm-c56q	38.1.0
2026-04-03T00:39:57.316056+00:00	GitLab Importer	Fixing	VCID-fcg2-x3s5-wudk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.thoughtworks.xstream/xstream/CVE-2024-47072.yml	38.1.0
2026-04-02T12:40:21.832546+00:00	GitLab Importer	Fixing	VCID-fcg2-x3s5-wudk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.thoughtworks.xstream/xstream/CVE-2024-47072.yml	38.0.0
2026-04-01T12:51:10.447742+00:00	GithubOSV Importer	Fixing	VCID-fcg2-x3s5-wudk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-hfq9-hggm-c56q/GHSA-hfq9-hggm-c56q.json	38.0.0