Uploaded image for project: 'Portal'
  1. Portal
  2. PORTAL-155 Review security issues: portal
  3. PORTAL-165

CVE-2017-7957 xstream. Upgrade to version 1.4.7-2+

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Medium Medium
    • Beijing Release
    • None
    • None
    • None
    • Portal Sprint 6, Portal Sprint 7

      XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

            sa282w sa282w
            farhan mir farhan mir
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: