VulnerableCode Package Details - pkg:maven/xstream/xstream@1.0-rc1

Search for packages

Vulnerability	Summary	Fixed by
VCID-nn7p-d7hz-53d5 Aliases: CVE-2017-7957 GHSA-7hwc-46rm-65jh	XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.	1.4.10 Affected by 0 other vulnerabilities.
VCID-y8ub-2kad-kqbs Aliases: CVE-2013-7285 GHSA-f554-x222-wgf7	Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.	1.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-nn7p-d7hz-53d5
Aliases:
CVE-2017-7957
GHSA-7hwc-46rm-65jh

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

1.4.10
Affected by 0 other vulnerabilities.

VCID-y8ub-2kad-kqbs
Aliases:
CVE-2013-7285
GHSA-f554-x222-wgf7

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.

1.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:54:20.276693+00:00	GitLab Importer	Affected by	VCID-y8ub-2kad-kqbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xstream/xstream/CVE-2013-7285.yml	38.4.0
2026-04-16T20:36:49.699372+00:00	GitLab Importer	Affected by	VCID-nn7p-d7hz-53d5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xstream/xstream/CVE-2017-7957.yml	38.4.0
2026-04-11T22:05:18.001625+00:00	GitLab Importer	Affected by	VCID-y8ub-2kad-kqbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xstream/xstream/CVE-2013-7285.yml	38.3.0
2026-04-11T21:47:24.379355+00:00	GitLab Importer	Affected by	VCID-nn7p-d7hz-53d5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xstream/xstream/CVE-2017-7957.yml	38.3.0
2026-04-02T22:18:10.637115+00:00	GitLab Importer	Affected by	VCID-y8ub-2kad-kqbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xstream/xstream/CVE-2013-7285.yml	38.1.0
2026-04-02T22:01:21.989381+00:00	GitLab Importer	Affected by	VCID-nn7p-d7hz-53d5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xstream/xstream/CVE-2017-7957.yml	38.1.0
2026-04-01T16:35:50.702946+00:00	GitLab Importer	Affected by	VCID-y8ub-2kad-kqbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xstream/xstream/CVE-2013-7285.yml	38.0.0
2026-04-01T16:18:32.924091+00:00	GitLab Importer	Affected by	VCID-nn7p-d7hz-53d5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xstream/xstream/CVE-2017-7957.yml	38.0.0