High severity · NVD Advisory · Published May 17, 2016 · Updated Aug 6, 2024
CVE-2016-3674
Description
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.thoughtworks.xstream:xstream (Maven) | < 1.4.9 | 1.4.9 |
Affected products
- ghsa-coords: 2 versions (< 1.4.9 + 1 more)
- (no CPE) range: < 1.4.9
- (no CPE) range: < 1.4.18-1.1
References
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html (ghsa, vendor-advisory, x_refsource_FEDORA, WEB)
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html (ghsa, vendor-advisory, x_refsource_FEDORA, WEB)
- rhn.redhat.com/errata/RHSA-2016-2822.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- rhn.redhat.com/errata/RHSA-2016-2823.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- www.debian.org/security/2016/dsa-3575 (ghsa, vendor-advisory, x_refsource_DEBIAN, WEB)
- github.com/advisories/GHSA-rgh3-987h-wpmw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-3674 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2016/03/25/8 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- www.openwall.com/lists/oss-security/2016/03/28/1 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- www.securityfocus.com/bid/85381 (ghsa, vdb-entry, x_refsource_BID, WEB)
- www.securitytracker.com/id/1036419 (ghsa, vdb-entry, x_refsource_SECTRACK, WEB)
- x-stream.github.io/changes.html (ghsa, x_refsource_CONFIRM, WEB)
- github.com/x-stream/xstream/issues/25 (ghsa, x_refsource_CONFIRM, WEB)
- snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385 (ghsa, WEB)