
[Aikido] Fix security issue in xstream via minor version upgrade from 1.4.5 to 1.4.21 #2

Open · aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-16465812-8ufS

Conversation

@aikido-autofix

Upgrade XStream to mitigate critical RCE vulnerabilities allowing remote code execution via maliciously crafted input streams across multiple CVEs.

✅ 37 CVEs resolved by this upgrade, including 10 critical 🚨 CVEs

This PR will resolve the following CVEs:

| Issue | Severity | Description |
|---|---|---|
| CVE-2021-21345 | 🚨 CRITICAL | [xstream] Remote code execution vulnerability allowing attackers with sufficient rights to execute arbitrary commands on the host by manipulating the input stream, potentially bypassing XStream's default security framework. |
| CVE-2013-7285 | 🚨 CRITICAL | [xstream] API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON. |
| CVE-2021-21350 | 🚨 CRITICAL | [xstream] Remote code execution vulnerability allowing attackers to execute arbitrary code by manipulating the input stream, bypassing default security mechanisms. Requires no user interaction and can fully compromise systems processing untrusted XML data. |
| CVE-2021-21347 | 🚨 CRITICAL | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation or security framework configuration. |
| CVE-2021-21346 | 🚨 CRITICAL | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation or security framework configuration. |
| CVE-2021-21344 | 🚨 CRITICAL | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation or security framework configuration. |
| CVE-2019-10173 | 🚨 CRITICAL | [xstream] Remote code execution vulnerability where an uninitialized security framework allows attackers to execute arbitrary shell commands by crafting malicious XML or JSON payloads during deserialization, potentially compromising the entire system. |
| CVE-2021-21351 | 🚨 CRITICAL | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation or security framework configuration. |
| CVE-2021-21342 | 🚨 CRITICAL | [xstream] Server-side object injection vulnerability allows attackers to manipulate XML input, potentially triggering unauthorized object creation and server-side request forgery (SSRF) by exploiting the unmarshalling process with malicious type information. |
| CVE-2021-39144 | 🚨 CRITICAL | [xstream] Remote code execution vulnerability allowing attackers to execute arbitrary commands on the host by manipulating the input stream, potentially compromising system security if XStream's security framework is not properly configured with a strict type whitelist. |
| CVE-2021-29505 | HIGH | [xstream] Remote code execution vulnerability allowing attackers with sufficient rights to execute arbitrary commands on the host by manipulating the input stream, potentially bypassing security controls if a restrictive whitelist is not implemented. |
| CVE-2020-26217 | HIGH | [xstream] Remote Code Execution vulnerability allowing attackers to execute arbitrary shell commands by manipulating input streams. Affects systems using blocklist-based security, potentially enabling complete system compromise through crafted input. |
| CVE-2021-39139 | HIGH | [xstream] Remote code execution vulnerability in XStream allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security through deserialization of untrusted data. |
| CVE-2021-21349 | HIGH | [xstream] Server-side request forgery (SSRF) vulnerability allowing attackers to access internal, non-public resources by manipulating input streams, potentially exposing sensitive data through crafted XML input. |
| CVE-2021-39141 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation and whitelisting. |
| CVE-2021-39154 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation and whitelisting. |
| CVE-2021-39153 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, exploitable when using default configurations on specific Java runtime versions or with JavaFX installed. |
| CVE-2021-39152 | HIGH | [xstream] A remote attacker can manipulate the input stream to access internal non-public resources via server-side request forgery (SSRF) when using Java runtime versions 14 to 8, potentially exposing sensitive information or system internals. |
| CVE-2021-39151 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation and whitelisting. |
| CVE-2021-39150 | HIGH | [xstream] A remote attacker can manipulate the input stream to access internal non-public resources via server-side request forgery (SSRF) when using Java runtime versions 14 to 8, potentially exposing sensitive information or system internals. |
| CVE-2021-39149 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation and whitelisting. |
| CVE-2021-39148 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation and whitelisting. |
| CVE-2021-39147 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation and whitelisting. |
| CVE-2021-39146 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation and whitelisting. |
| CVE-2021-39145 | HIGH | [xstream] Remote code execution vulnerability allowing attackers to load and execute arbitrary code by manipulating the input stream, potentially compromising system security without proper input validation and whitelisting. |
| CVE-2020-26258 | HIGH | [xstream] A Server-Side Request Forgery (SSRF) vulnerability allows remote attackers to access internal, non-public resources by manipulating the input stream during object deserialization, potentially exposing sensitive network information. |
| CVE-2022-41966 | HIGH | [xstream] A remote attacker can cause a denial of service by manipulating input streams, triggering recursive hash calculations that lead to a stack overflow error, potentially crashing the application. |
| CVE-2021-21341 | HIGH | [xstream] A remote attacker can craft a malicious XML input that consumes 100% CPU, causing a denial of service (DoS) by overwhelming system resources through excessive processing demands. |
| CVE-2021-21348 | HIGH | [xstream] A remote attacker can trigger a denial-of-service (DoS) vulnerability by crafting a malicious XML payload that causes an infinite CPU consumption loop, potentially rendering the service unresponsive. Mitigated by using a strict security whitelist. |
| CVE-2021-21343 | HIGH | [xstream] Unmarshalling vulnerability allows attackers to manipulate the input stream, potentially causing file deletion on the local host through object injection during XML deserialization, impacting systems not using a strict type whitelist. |
| CVE-2024-47072 | HIGH | [xstream] A remote attacker can cause a denial of service by triggering a stack overflow when XStream uses BinaryStreamDriver, crashing the application through maliciously crafted input streams. |
| CVE-2022-40151 | HIGH | [xstream] Those using XStream to serialize XML data may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. |
| CVE-2017-7957 | HIGH | [xstream] through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call. |
| CVE-2016-3674 | HIGH | [xstream] Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. |
| CVE-2020-26259 | MEDIUM | [xstream] Arbitrary file deletion vulnerability in XStream allows remote attackers to delete known files on the host by manipulating the input stream, potentially causing data loss if the process has sufficient file system permissions. |
| CVE-2021-39140 | MEDIUM | [xstream] A remote attacker can craft a malicious XML input that triggers excessive CPU consumption, potentially causing a denial of service by monopolizing system resources through carefully constructed payload manipulation. |
| CVE-2021-43859 | LOW | [xstream] A crafted XML input can trigger excessive CPU consumption, potentially causing a denial of service (DoS) by manipulating the input stream and exhausting system resources through recursive processing. |
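Nearly every entry above shares one root cause: XStream unmarshalling untrusted input without a strict type allowlist. The following is an added example, not code from this PR or from the XStream project, showing how to declare that allowlist explicitly once the dependency is on 1.4.21 and how to check that an unlisted root type is refused; the `Order` class and the `com.example.model` package are hypothetical placeholders.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import java.util.Collection;

public final class SafeXStreamFactory {
    // Hypothetical application type; it stands in for whatever this project unmarshals.
    public static final class Order {
        public String id;
        public int quantity;
    }

    // XStream 1.4.18+ (this PR lands on 1.4.21) defaults to an allowlist, but declaring
    // it explicitly keeps the policy visible in code and independent of library defaults.
    // 1.4.5, the version being replaced, had no security framework at all.
    public static XStream create() {
        XStream xstream = new XStream();
        xstream.addPermission(NoTypePermission.NONE);              // start from "nothing"
        xstream.addPermission(NullPermission.NULL);                // re-admit null,
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES); // primitives,
        xstream.allowTypeHierarchy(Collection.class);              // standard collections,
        xstream.allowTypes(new Class[] { String.class, Order.class }); // and our own types.
        // Hypothetical package prefix; replace with the project's own model package.
        xstream.allowTypesByWildcard(new String[] { "com.example.model.**" });
        xstream.alias("order", Order.class);
        return xstream;
    }

    // True when the security framework refuses the root type named in the input. A
    // regression test for the upgrade should assert this for any type outside the list.
    public static boolean rejectsType(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return false;
        } catch (ForbiddenClassException expected) {
            return true;
        }
    }

    public static void main(String[] args) {
        XStream xstream = create();
        // Constructed inputs: one allowed root type and one that is not on the allowlist.
        Order order = (Order) xstream.fromXML("<order><id>A-1</id><quantity>2</quantity></order>");
        System.out.println("allowed:  " + order.id + " x" + order.quantity);
        System.out.println("rejected: " + rejectsType(xstream, "<java.util.Date>0</java.util.Date>"));
    }
}
```

Keeping the allowlist in code rather than relying on the library default also makes it reviewable in the same PR as the version bump.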
