Vulnerability Information
Vulnerability
XStream Denial of Service via stack overflow
Vulnerability Information
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service, solely by manipulating the processed input stream. The attack uses the hash code implementation for collections and maps to force a recursive hash calculation that causes a stack overflow. This issue is patched in version 1.4.20, which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet, and whose XML refers to these only as the default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and that all elements are comparable.
Vulnerability Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vulnerability
XStream security vulnerability
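Vulnerability Information
XStream is a lightweight, easy-to-use open-source Java class library from the XStream team, mainly used to serialize objects to XML (JSON) or deserialize them back into objects. Versions of XStream before 1.4.20 contain a security vulnerability: a remote attacker can terminate the application with a stack overflow error, causing a denial of service solely by manipulating the processed input stream.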
Vulnerability Information
N/A
Vulnerability
N/A