CVE-2024-47072
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-47072 is a vulnerability affecting the XStream library, which is used for serializing objects to XML and back again. An attacker can potentially cause a denial of service by manipulating the input stream when XStream is configured to use the BinaryStreamDriver. This may result in a stack overflow error. XStream 1.4.21 has been patched to detect and prevent the manipulation in the binary input stream, raising an InputManipulationException instead. Users are strongly advised to upgrade to the patched version. Those unable to do so can catch the StackOverflowError in their client code to mitigate the risk.
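An added example, not from the advisory or the XStream project, showing the two client-side mitigations the summary names: a caller that deserializes binary input with BinaryStreamDriver, catches the InputManipulationException that XStream 1.4.21 and later raise, and, for deployments that cannot yet upgrade, catches the StackOverflowError as the advisory suggests. The Person class and the sample bytes are constructed for illustration; the XStream classes and methods used are assumed to match the library's public API.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.io.binary.BinaryStreamDriver;
import com.thoughtworks.xstream.security.InputManipulationException;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;

public class BinaryStreamMitigation {

    /** Constructed sample type; the allow-list below must name it explicitly. */
    public static class Person {
        String name;
        Person(String name) { this.name = name; }
    }

    static XStream newXStream() {
        XStream xstream = new XStream(new BinaryStreamDriver());
        // Keep XStream's default deny-all security framework and allow only the expected type.
        xstream.allowTypes(new Class[] { Person.class });
        return xstream;
    }

    /** Returns the deserialized object, or null when the input is rejected. */
    static Object deserializeUntrusted(byte[] input) {
        XStream xstream = newXStream();
        try {
            return xstream.fromXML(new ByteArrayInputStream(input));
        } catch (InputManipulationException e) {
            // XStream 1.4.21 and later: manipulated binary stream detected and rejected.
            return null;
        } catch (StackOverflowError e) {
            // Unpatched XStream: the advisory's workaround for callers that cannot upgrade.
            return null;
        } catch (XStreamException e) {
            // Any other malformed or disallowed input.
            return null;
        }
    }

    public static void main(String[] args) {
        // Produce a legitimate binary stream to show the normal path still works.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        newXStream().toXML(new Person("alice"), out);
        Object result = deserializeUntrusted(out.toByteArray());
        System.out.println(result == null ? "rejected" : "deserialized " + ((Person) result).name);
    }
}
```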
Affected Products
- XStream