  1. XWiki Commons
  2. XCOMMONS-2541

CVE-2022-40151 because of XStream

Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • None
    • None
    • Dependency Upgrades
    • None
    • Hard

    Description

      Hi,

      The XStream dependency is vulnerable to CVE-2022-40151 (see XStream issue #304 on GitHub) and the project seems pretty dead since the disclosure, so no one seems onto fixing it...

      If this security risk were to remain untreated, could you possibly consider switching to an alternative API/lib, for example XMLInputFactory from the StAX parser, which is the standard Java reference implementation?

      Thank you very much.

      Regards,

      Y. Savanier

       


            People

              tmortagne Thomas Mortagne
              YSavanier yannick savanier