Description
maven-war-plugin v2.6 has a dependency on com.thoughtworks.xstream:xstream 1.4.4.
There are two security threats:
- CVE-2013-7285, arbitrary execution of commands when unmarshalling, addressed in 1.4.7
- XXE vulnerability, addressed in 1.4.9
CVE-2013-7285 is identified as an "unscored" threat by Nexus Repository Manager.