[MWAR-369] Upgrade to XStream 1.4.9 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6
Fix Version/s: 3.0.0
Component/s: manifest
Labels:
- security

Description

maven-war-plugin v2.6 has dependency on com.thoughtworks.xstream:xstream 1.4.4

There are two security threats:

CVE-2013-7285, an arbitrary execution of commands when unmarshalling. Addressed in 1.4.7
XXE vulnerability, addressed in 1.4.9

CVE-2013-7285 is identified as an "unscored" threat by Nexus Repository Manager.

Attachments

Activity

People

Assignee:: Karl Heinz Marbaise

Reporter:: Mark Symons

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 29/Mar/16 14:56

Updated:: 02/Apr/16 22:00

Resolved:: 02/Apr/16 22:00