Description
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Remediation
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367
https://github.com/x-stream/xstream/issues/304
Related Vulnerabilities
CVE-2018-3722 Vulnerability in maven package org.webjars.npm:merge-deep
CVE-2019-12043 Vulnerability in maven package org.webjars.bower:remarkable
CVE-2020-19697 Vulnerability in maven package org.webjars.bowergithub.pandao:editor.md
CVE-2023-30519 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger