CVE-2016-3674

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

References

Affected packages

Git / github.com/x-stream/xstream

Affected ranges

Type: GIT
Repo: https://github.com/x-stream/xstream
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f66bbea1b383e705988abf8d06ea9782a73f24d4

Affected versions

Other

XSTREAM_1_4_5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3674.json"