VYPR
High severity7.5NVD Advisory· Published Apr 29, 2017· Updated Jun 17, 2026

CVE-2017-7957

CVE-2017-7957

Description

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.thoughtworks.xstream:xstreamMaven
< 1.4.101.4.10

Affected products

31

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.