lsm/weixin-java-tools
1
0
Fork 0
mirror of https://gitee.com/binary/weixin-java-tools.git synced 2025-04-05 17:38:05 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Upgrade com.thoughtworks.xstream:xstream to version 1.4.11

Browse Source 
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
This commit is contained in:
Binary Wang 2019-07-29 10:23:58 +08:00 committed by GitHub
parent 59030a46a9
commit 4223abfae6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pom.xml
View File

@ -173,7 +173,7 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
</dependency>
<!-- 由于guava较新的21.0版本需要jdk8故而此处采用较低版本 -->
<dependency>