CVE-2024-47072

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 8, 2024
CWE ID 121
CWE ID 502

Summary

CVE-2024-47072 is a vulnerability affecting the XStream library, which is used for serializing objects to XML and back again. An attacker can potentially cause a denial of service by manipulating the input stream when XStream is configured to use the BinaryStreamDriver. This may result in a stack overflow error. XStream 1.4.21 has been patched to detect and prevent the manipulation in the binary input stream, raising an InputManipulationException instead. Users are strongly advised to upgrade to the patched version. Those unable to do so can catch the StackOverflowError in their client code to mitigate the risk.
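The advisory's two mitigations side by side, as an added example that is not XStream's own code or part of this advisory: a consumer that reads a BinaryStreamDriver stream behind a type allowlist and treats both the InputManipulationException raised by 1.4.21 and the StackOverflowError of earlier releases as a rejected input. The `Note` payload class and the `unmarshal` helper are assumptions for illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.binary.BinaryStreamDriver;
import com.thoughtworks.xstream.security.InputManipulationException;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.util.Optional;

public final class SafeBinaryUnmarshal {

    // Hypothetical payload type for this example; any plain data class would do.
    public static final class Note {
        public String title;
        public Note() { }
        public Note(String title) { this.title = title; }
    }

    private static XStream newXStream() {
        XStream xstream = new XStream(new BinaryStreamDriver());
        // Allowlist only the types this consumer expects; XStream's security
        // framework rejects anything else before it is instantiated.
        xstream.allowTypes(new Class[] { Note.class });
        return xstream;
    }

    // Reads one object from an untrusted binary stream without letting a
    // manipulated stream take down the calling thread.
    public static Optional<Object> unmarshal(InputStream untrusted) {
        try {
            return Optional.ofNullable(newXStream().fromXML(untrusted));
        } catch (InputManipulationException e) {
            // XStream 1.4.21+: manipulation detected in the binary input stream
            return Optional.empty();
        } catch (StackOverflowError e) {
            // Pre-1.4.21 workaround from the advisory: catch the error in client code
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed round-trip: serialize a Note with the same driver, then
        // read it back through the guarded path.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        newXStream().toXML(new Note("hello"), out);
        Optional<Object> result = unmarshal(new ByteArrayInputStream(out.toByteArray()));
        System.out.println(result.map(o -> ((Note) o).title).orElse("rejected"));
    }
}
```

Catching StackOverflowError only contains the failure; the stream is still untrusted, so log the rejection and upgrade to 1.4.21 rather than relying on the catch alone.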
