MGASA-2014-0100 — Vulnetix

MGASA-2014-0100 PUBLISHED CVSS 9.300000190734863 CRITICAL

Updated xstream packages fix security vulnerability: It was found that XStream would deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application (CVE-2013-7285).

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Mageia:4	kxml	0, 0
Mageia:3	xstream	0, 0
Mageia:4	xstream	0, 0

Timeline

Feb 25, 2014 CVE Published
Apr 16, 2026 CVE Updated

References

https://advisories.mageia.org/MGASA-2014-0100.html advisory
http://xstream.codehaus.org/security.html url
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128807.html url
https://bugs.mageia.org/show_bug.cgi?id=12874 report

Open in Interactive Console →