Browse all 3 CVE security advisories affecting xstream. AI-powered Chinese analysis, POCs, and references for each vulnerability.
XStream is a Java library for serializing objects to XML and deserializing XML back to objects, commonly used for data exchange in enterprise applications. Historically, it has been vulnerable to remote code execution (RCE) through unsafe deserialization of untrusted input, with three CVEs recorded. The library's default configuration allows arbitrary types to be processed, so an attacker who controls the XML input can reach dangerous classes through crafted payloads. Its notable security characteristics are permissive type handling and the absence of built-in input validation, which has made it a frequent target in supply chain attacks. Organizations using XStream should implement strict input validation and consider alternative serialization libraries with stronger security controls.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-40151 | Stack Buffer Overflow in xstream | CWE-121 | 6.5 | Medium | 2022-09-16 |
| CVE-2019-10173 | XStream Code Injection Vulnerability | CWE-94 | 9.8 | - | 2019-07-23 |
This page lists every published CVE security advisory associated with xstream. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.