2017-04-29 19:00:00
mitre
PUBLISHED
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type void during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("