Improve CVE table documenting vulnerable versions.

x-stream · Mar 17, 2021 · b6c5941 · b6c5941
1 parent 40c826f
commit b6c5941
Showing 1 changed file with 16 additions and 11 deletions.
diff --git a/xstream-distribution/src/content/security.html b/xstream-distribution/src/content/security.html
@@ -42,15 +42,16 @@ <h2 id="CVEs">Documented Vulnerabilities</h2>
 
     <p>Over the years, several of these attacks have been reported and documented in the Common Vulnerability and
     Exposure (CVE) system managed by the <a href="http://www.mitre.org/">Mitre Corporation</a>. Following a list of the
-    reported vulnerabilities:</p>
+    reported vulnerabilities for the different versions:</p>
 
     <table summary="Table of reported vulnerabilities daocumented as CVE">
       <tr>
         <th>CVE</th>
         <th>Description</th>
       </tr>
       <tr>
-        <th>2021</th>
+        <th>Version 1.4.15</th>
+        <td></td>
         <td></td>
       </tr>
       <tr>
@@ -101,13 +102,9 @@ <h2 id="CVEs">Documented Vulnerabilities</h2>
         <td>XStream is vulnerable to an Arbitrary Code Execution attack.</td>
       </tr>
       <tr>
-        <th>2020</th>
+        <th>Version 1.4.14</th>
         <td></td>
       </tr>
-      <tr>
-        <th><a href="CVE-2020-26217.html">CVE-2020-26217</a></th>
-        <td>XStream can be used for Remote Code Execution.</td>
-      </tr>
       <tr>
         <th><a href="CVE-2020-26258.html">CVE-2020-26258</a></th>
         <td>A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an
@@ -119,23 +116,31 @@ <h2 id="CVEs">Documented Vulnerabilities</h2>
         executing process has sufficient rights.</td>
       </tr>
       <tr>
-        <th>2017</th>
+        <th>Version 1.4.13</th>
+        <td></td>
+      </tr>
+      <tr>
+        <th><a href="CVE-2020-26217.html">CVE-2020-26217</a></th>
+        <td>XStream can be used for Remote Code Execution.</td>
+      </tr>
+      <tr>
+        <th>Version 1.4.9</th>
         <td></td>
       </tr>
       <tr>
         <th><a href="CVE-2017-7957.html">CVE-2017-7957</a></th>
         <td>XStream can cause a Denial of Service when unmarshalling void.</td>
       </tr>
       <tr>
-        <th>2016</th>
+        <th>Version 1.4.8</th>
         <td></td>
       </tr>
       <tr>
         <th><a href="CVE-2016-3674.html">CVE-2016-3674</a></th>
         <td>XML External Entity (XXE) Vulnerability in XStream.</td>
       </tr>
       <tr>
-        <th>2013</th>
+        <th>Version 1.4.6 (and 1.4.10)</th>
         <td></td>
       </tr>
       <tr>
@@ -146,7 +151,7 @@ <h2 id="CVEs">Documented Vulnerabilities</h2>
 
     <p>See <a href="#workaround">workarounds</a> for the different versions covering all the CVEs listed here.</p>
 
-	<p class="hightlight">This list will contain only vulnerabilities, that can be created using the Java runtime with
+	<p class="hightlight">This list contains only vulnerabilities, that could be created using the Java runtime with
 	XStream.  Vulnerabilities introduced by using additional 3rd party libraries and classes are beyond XStream's
 	responsibility for a provided default blacklist.</p>