Remote Application Crash Vulnerability in XStream

Remote Application Crash Vulnerability in XStream

CVE-2017-7957 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

Learn more about our Web Application Penetration Testing UK.