Security Issue Identified
51 views
Skip to first unread message
Benjamin Hendel
Aug 31, 2022, 6:14:34 PM8/31/22
to XStream User
Hello,
I found an issue in XStream 1.4.19 that may allow an attacker to access sensitive information or trigger functionality that is not intentionally exposed when untrusted XML is deserialized in some realistic circumstances. Who should I email about this?
Thanks,
Benjamin Hendel
Jörg Schaible
Sep 4, 2022, 7:04:02 PM9/4/22
to XStream User
Hi Benjamin,
you should have received an invitation to XStream's Security list. Please
report there.
Regards,
Jörg
On Thursday, 1. September 2022, 00:14:34 CEST 'Benjamin Hendel' wrote in
XStream User:
you should have received an invitation to XStream's Security list. Please
report there.
Regards,
Jörg
On Thursday, 1. September 2022, 00:14:34 CEST 'Benjamin Hendel' wrote in
XStream User:
Benjamin Hendel
Sep 6, 2022, 6:12:26 PM9/6/22
to XStream User
Thanks, reported.
Vikas Gaur
Oct 13, 2022, 4:25:30 AM10/13/22
to XStream User
Hey Benjamin,
any update when the team is plannin to fix this issue ?
Regards
Vikas Gaur
any update when the team is plannin to fix this issue ?
Regards
Vikas Gaur
Reply all
Reply to author
Forward
0 new messages