ELA-455-1 libxstream-java security update

remote code execution

2021-07-05
Package: libxstream-java
Version: 1.4.11.1-1+deb8u3
Related CVEs: CVE-2021-29505


A vulnerability in XStream, a Java library to serialize objects to and from XML, may allow a remote attacker to execute commands on the host merely by manipulating the processed input stream.

Note: the XStream project recommends setting up its security framework with a whitelist limited to the minimal required types, rather than relying on the black list (which was updated to address this vulnerability). The project is also phasing out maintenance of the black list; see https://x-stream.github.io/security.html.
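The following is an added example, not code from the advisory or the XStream project, of the whitelist configuration the note recommends: the default permissions are dropped and only the types the application actually needs are re-admitted, so any other type named in the input is refused before XStream instantiates it. The `Greeting` class and the XML inputs are constructed for the illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamWhitelistExample {

    // Hypothetical application type that the service legitimately deserializes.
    public static class Greeting {
        public String message;
        public int count;
    }

    // Builds an XStream instance that refuses every type except those listed.
    public static XStream buildRestrictedXStream() {
        XStream xstream = new XStream();
        // Start from a closed policy: this discards the default, blacklist-based permissions.
        xstream.addPermission(NoTypePermission.NONE);
        // Re-admit only what Greeting needs: null, primitives and their wrappers, String.
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, Greeting.class });
        xstream.alias("greeting", Greeting.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = buildRestrictedXStream();

        // Constructed input of the expected shape: deserializes normally.
        String ok = "<greeting><message>hello</message><count>2</count></greeting>";
        Greeting g = (Greeting) xstream.fromXML(ok);
        System.out.println("accepted: " + g.message + " x" + g.count);

        // Constructed input naming a type that is not on the whitelist.
        // java.util.Date is harmless; the point is that the type name is
        // checked when it is resolved, before any converter or constructor runs.
        String unlisted = "<java.util.Date>0</java.util.Date>";
        try {
            xstream.fromXML(unlisted);
            System.out.println("unexpected: unlisted type was accepted");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Every additional type the application needs must be added explicitly (or via `allowTypeHierarchy`), which is the maintenance cost the whitelist approach trades for not depending on the black list staying current.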



For Debian 8 jessie, these problems have been fixed in version 1.4.11.1-1+deb8u3.

We recommend that you upgrade your libxstream-java packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.