Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Patch

com.thoughtworks.xstream:xstream 1.4.10

Back to all
Package Version

com.thoughtworks.xstream:xstream 1.4.10

Github Repository

Package Version Scores

Overall
0
/10
Security
4
Activity
6
Popularity
8
Quality
4
All Factors
Security
Activity
Popularity
Code Quality
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.

Endor Patches

Patch Name
CVEs fixed
Lines of Code Changed
67fea1fbd48e850f6d67bb7e
CVEs Fixed
C
9
H
25
+543
-194

Vulnerabilities Fixed

Cve Name
CVE ID
Severity
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21350
Critical
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21346
Critical
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21344
Critical
Command Injection in Xstream
CVE-2013-7285
Critical
Deserialization of Untrusted Data and Code Injection in xstream
CVE-2019-10173
Critical
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21351
Critical
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-21342
Critical
XStream is vulnerable to a Remote Command Execution attack
CVE-2021-21345
Critical
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21347
Critical
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39153
High
XStream can cause a Denial of Service.
CVE-2021-21341
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39149
High
Server-Side Forgery Request can be activated unmarshalling with XStream
CVE-2020-26258
High
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
CVE-2021-21348
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39139
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39154
High
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
CVE-2021-21343
High
XStream is vulnerable to a Remote Command Execution attack
CVE-2021-29505
High
Denial of service in XStream
CVE-2017-7957
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39145
High
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-39150
High
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-21349
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39141
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39147
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39151
High
XStream is vulnerable to a Remote Command Execution attack
CVE-2021-39144
High
XStream can be used for Remote Code Execution
CVE-2020-26217
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39146
High
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39148
High
Denial of Service by injecting highly recursive collections or maps in XStream
CVE-2021-43859
High
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-39152
High
XStream can cause Denial of Service via stack overflow
CVE-2022-41966
High
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
CVE-2022-40151
High
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
CVE-2024-47072
High

Get Your First 3 Patches Free

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

References

Basic Information

Ecosystem
Release Date
May 16, 2025
LINES OF CODE CHANGED
+543
-194
-
on latest patch
License
Patch Available

Get Your First 3 Patches Free

Secure your app without upgrading.
Fix Without Upgrading
{
"items": [
{
"title": "High Ratio of Commits Related to Vulnerabilities",
"description": "A high volume of commits related to vulnerabilities may indicate that the project has a large number of security issues but also that they are actively being addressed. A commit is considered vulnerability related if it mentions a CVE in its commit message",
"category": "security",
"type": "upscore"
},
{
"title": "Recent Issue Activity",
"description": "Recent issue activity indicates that the project is in active development",
"category": "activity",
"type": "upscore"
},
{
"title": "High Ratio of Closed Issues",
"description": "More issues being closed than opened indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "Issues with Labels",
"description": "Attaching labels to issues allows for better tracking of issue activity in the project",
"category": "code quality",
"type": "upscore"
},
{
"title": "High Ratio of Issues Created by External Contributors",
"description": "A high ratio of issues opened by external contributors indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "Recent Pull Request Activity",
"description": "Recent pull request activity indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "No Merged Pull Requests",
"description": "Lack of merged pull requests indicates that the project may not be maintained",
"category": "activity",
"type": "downscore"
},
{
"title": "High Ratio of Rejected Pull Requests",
"description": "A high ratio of rejected pull requests indicates that the project may not be actively developed",
"category": "activity",
"type": "downscore"
},
{
"title": "Pull Requests Have Labels",
"description": "Attaching labels to pull requests helps organize the development activity in the project",
"category": "code quality",
"type": "upscore"
},
{
"title": "Limited Activity From Corporate Accounts",
"description": "Lack of activity from corporate affiliated accounts indicates that the project may not have reliable backing and support",
"category": "activity",
"type": "downscore"
},
{
"title": "Releases do not Follow SemVer",
"description": "The repository has releases that do not follow the SemVer standard, this goes against best practices",
"category": "code quality",
"type": "downscore"
},
{
"title": "No Release Activity",
"description": "The repository does not have any recent releases and this could mean that it is not actively maintained",
"category": "activity",
"type": "downscore"
},
{
"title": "Unusually Fast First Release",
"description": "It is unusual for a repository to have its first release so soon after getting created",
"category": "code quality",
"type": "downscore"
},
{
"title": "Versions do not Follow SemVer",
"description": "The package has versions that do not follow the SemVer standard, this goes against best practices",
"category": "code quality",
"type": "downscore"
},
{
"title": "No Version Activity",
"description": "The package does not have any recent version creation and this could mean that it is not actively maintained",
"category": "activity",
"type": "downscore"
},
{
"title": "Unusually Fast First Version",
"description": "It is unusual for a package to have its first version created so soon after the repository was created",
"category": "code quality",
"type": "downscore"
},
{
"title": "Organization Repository",
"description": "When a repository belongs to an organization there is a lower risk of it getting abandoned in the future",
"category": "activity",
"type": "upscore"
},
{
"title": "Unfixed Medium Severity Vulnerabilities",
"description": "Unfixed medium severity vulnerabilities discovered in a repository indicate a somewhat elevated security risk. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "Contributions From Many Reputable Accounts",
"description": "A large number of reputable contributors affiliated with the project indicates that the project is reliable. An account is considered reputable if it participates in multiple open source projects and has a high rating in GitHub",
"category": "popularity",
"type": "upscore"
},
{
"title": "Has Stars",
"description": "Having some stars indicates interest in the project. ",
"category": "popularity",
"type": "upscore"
},
{
"title": "Has Forks",
"description": "Having some forks shows an interest in the project",
"category": "popularity",
"type": "neutral"
},
{
"title": "Many Subscribers",
"description": "A very large number of subscribers indicates an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "No Automated Build System",
"description": "Reproducible builds using makefiles or CI systems allow verification that no modifications, such as vulnerabilities or backdoors, have been introduced during a package's build process",
"category": "code quality",
"type": "downscore"
},
{
"title": "High Ratio of Test Code",
"description": "High quality projects should use tests",
"category": "code quality",
"type": "upscore"
},
{
"title": "Repository has Badges",
"description": "The use of badges indicates that the repository is well maintained",
"category": "code quality",
"type": "upscore"
},
{
"title": "Repository has Some Best Practice Files",
"description": "The repository has files that cover basic operational aspects of the project and this shows an emphasis on best practices",
"category": "code quality",
"type": "upscore"
},
{
"title": "Repository has Topics",
"description": "Configuring topics is an indication that the repository is well maintained",
"category": "activity",
"type": "upscore"
}
]
}