CVE-2021-29505: XStream Remote Command Execution Vulnerability Alert
XStream is a simple library for serializing objects to XML and back again. By exploiting this vulnerability, an attacker can construct specially crafted XML that bypasses the XStream blacklist, manipulate the processed input stream, and replace the object, thereby executing local commands on the server. We recommend that users upgrade XStream to the latest version promptly.
Affected versions
- XStream <=1.4.16
Unaffected
- XStream 1.4.17
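To find deployments that still ship an affected release, the following added example (not part of the original alert) scans a WAR/JAR, including archives nested inside it, and flags XStream jars at or below 1.4.16. It assumes jars keep the Maven-style file name `xstream-<version>.jar`; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Per the advisory: XStream <= 1.4.16 is affected, 1.4.17 is not.
LAST_AFFECTED = (1, 4, 16)
# Assumption: jars keep the Maven-style name xstream-<version>.jar.
JAR_NAME = re.compile(r"(?:^|/)xstream-(\d+(?:\.\d+)*)[^/]*\.jar$")

def is_affected(version):
    """Compare numerically, so 1.4.9 sorts below 1.4.16 (a string compare would not)."""
    return tuple(int(p) for p in version.split(".")) <= LAST_AFFECTED

def find_xstream(archive_bytes, prefix=""):
    """Return [(path, version, affected)], descending into nested archives."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive_bytes))
    except zipfile.BadZipFile:
        return findings  # not a readable archive, nothing to report
    with zf:
        for name in zf.namelist():
            match = JAR_NAME.search(name)
            if match:
                version = match.group(1)
                findings.append((prefix + name, version, is_affected(version)))
            elif name.endswith((".jar", ".war", ".ear")):
                findings.extend(find_xstream(zf.read(name), prefix + name + "!/"))
    return findings

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_sample_war():
    """Constructed sample input: a WAR with a fat jar nested inside it."""
    inner = make_zip({"BOOT-INF/lib/xstream-1.4.9.jar": b""})
    return make_zip({
        "WEB-INF/lib/xstream-1.4.17.jar": b"",
        "WEB-INF/lib/xstream-1.4.16.jar": b"",
        "WEB-INF/lib/plugin.jar": inner,
    })

if __name__ == "__main__":
    for path, version, affected in find_xstream(build_sample_war()):
        print("AFFECTED" if affected else "ok", version, path)
```

Because detection is by file name, copies of XStream that were renamed or shaded into another jar are not found and need a class-level inventory instead.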