Security Vulnerabilities fixed in xstream RHSA-2021:1354

description-logoDescription

XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Security Fix(es): XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344) XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345) XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346) XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347) XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350) XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344) XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345) XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346) XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347) XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258

affected-products-logoAffected Applications

xstream