Security Advisory

CVE-2017-7957

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-04-29 19:00:00

Last updated 2024-08-05 16:19:29

Assigner mitre

State PUBLISHED

Description

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type void during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

← Browse all CVEs View on cve.org ↗