Threat Encyclopedia

XStream.Library.ReflectionConverter.Insecure.Deserialization

Description

This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in XStream.
A remote attacker could exploit this vulnerability by sending a specially crafted XML file to the affected application. Successful exploitation could allow the attacker to execute arbitrary commands under the security context of the process.

Affected Products

XStream 1.4.10

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://x-stream.github.io/changes.html#1.4.11
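
Alongside the upgrade, applications that unmarshal untrusted XML can restrict XStream to an explicit type allowlist through its security framework. The following is an added example, not code from this advisory or from the XStream project; the classes HardenedXStreamExample, Order and Unlisted and the sample XML strings are constructed for illustration, and a patched XStream release is assumed to be on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class HardenedXStreamExample {
    // Hypothetical application types: Order is expected in input, Unlisted is not.
    public static class Order { String id; int quantity; }
    public static class Unlisted { String value; }

    // Build an XStream instance that refuses every type not explicitly allowed.
    static XStream newHardenedXStream() {
        XStream xstream = new XStream();
        xstream.addPermission(NoTypePermission.NONE);              // start from deny-all
        xstream.addPermission(NullPermission.NULL);                // permit null values
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES); // primitives and their wrappers
        xstream.allowTypes(new Class[] { String.class, Order.class });
        xstream.alias("order", Order.class);
        xstream.alias("unlisted", Unlisted.class); // alias resolves, but the type is not allowed
        return xstream;
    }

    // Returns true when the document unmarshals; false when XStream rejects it,
    // including rejection of a type that is not on the allowlist.
    static boolean accepts(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return true;
        } catch (XStreamException e) {
            System.err.println("rejected: " + e.getClass().getSimpleName());
            return false;
        }
    }

    public static void main(String[] args) {
        XStream xstream = newHardenedXStream();
        // Constructed sample inputs.
        String allowed = "<order><id>A-1</id><quantity>2</quantity></order>";
        String denied = "<unlisted><value>x</value></unlisted>";
        System.out.println("allowed type accepted:  " + accepts(xstream, allowed));
        System.out.println("unlisted type accepted: " + accepts(xstream, denied));
    }
}
```

Logging each rejection, as accepts() does on stderr, gives defenders a signal when input names a type the application never expects.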

CVE References

CVE-2019-10173