Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-8348

XmlMessageRenderer has the risk of XStream deserialization

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 5.16.3, 5.17.0
    • Transport
    • None

    Description

      XmlMessageRenderer.getXstream() method:

      public XStream getXstream() {
 if (xstream == null) {
   xstream = new XStream();
 }
 return xstream;
}

      There is a risk of XStream deserialization

      Attachments

        Activity

          People

            jbonofre Jean-Baptiste Onofré
            nodece Zixuan Liu
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 0.5h
                0.5h