CESA-2021:1354 -- centos 7 xstreamID: oval:org.secpod.oval:def:205859 | Date: (C)2021-05-04 (M)2023-11-13 |
Class: PATCH | Family: unix |
XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Security Fix: * XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet * XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry * XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue * XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator * XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.