Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High Severity Vulnerability in xstream-1.4.19.jar #1483

Open
gdut-yy opened this issue Jan 7, 2023 · 1 comment
Open

High Severity Vulnerability in xstream-1.4.19.jar #1483

gdut-yy opened this issue Jan 7, 2023 · 1 comment

Comments

@gdut-yy
Copy link
Contributor

gdut-yy commented Jan 7, 2023

December 24, 2022 XStream 1.4.20 released

This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.
@gdut-yy gdut-yy mentioned this issue Jan 7, 2023
Open
shyamrox added a commit to shyamrox/eureka that referenced this issue Sep 26, 2023
@shyamrox
Upgrade to XStream 1.4.20
0f58429 
Addressing issue:
Netflix#1483
@shyamrox shyamrox mentioned this issue Sep 26, 2023
Merged
shyamrox added a commit to shyamrox/eureka that referenced this issue Sep 26, 2023
@shyamrox
Upgrade to xstream 1.4.20 to fix CVE
808b60a 
Netflix#1483
Fixes:
CVE-2022-40151
CVE-2022-41966
@shyamrox shyamrox mentioned this issue Sep 26, 2023
Open
@shyamrox
Copy link

I just submitted this fix. Feel free to assign the issue to me so I can close it out once the pull request is merged.
#1516

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gdut-yy @shyamrox