Maven WAR Plugin / MWAR-369

Upgrade to XStream 1.4.9

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6
    • Fix Version/s: 3.0.0
    • Component/s: manifest

      Description

      maven-war-plugin v2.6 has a dependency on com.thoughtworks.xstream:xstream 1.4.4.

      There are two security threats:

      • CVE-2013-7285, an arbitrary execution of commands when unmarshalling. Addressed in 1.4.7
      • XXE vulnerability, addressed in 1.4.9

      CVE-2013-7285 is identified as an "unscored" threat by Nexus Repository Manager.

            People

            • Assignee: Karl Heinz Marbaise (khmarbaise)
            • Reporter: Mark Symons (marks)