High severity7.5NVD Advisory· Published May 17, 2016· Updated Jun 17, 2026
CVE-2016-3674
CVE-2016-3674
Description
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.thoughtworks.xstream:xstreamMaven | < 1.4.9 | 1.4.9 |
Affected products
2- ghsa-coords2 versions
< 1.4.9+ 1 more
- (no CPE)range: < 1.4.9
- (no CPE)range: < 1.4.18-1.1
Patches
Vulnerability mechanics
References
14- lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.htmlnvdBroken LinkThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.htmlnvdBroken LinkThird Party AdvisoryWEB
- www.debian.org/security/2016/dsa-3575nvdThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/03/25/8nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/03/28/1nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/85381nvdThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1036419nvdThird Party AdvisoryVDB EntryWEB
- x-stream.github.io/changes.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-rgh3-987h-wpmwghsaADVISORY
- github.com/x-stream/xstream/issues/25nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-3674ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2016-2822.htmlnvdBroken LinkWEB
- rhn.redhat.com/errata/RHSA-2016-2823.htmlnvdBroken LinkWEB
- snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385ghsaWEB
News mentions
0No linked articles in our index yet.