PT-2017-18026 · Atlassian · Bamboo Data Center/Server

Published: 2017-04-29 · Updated: 2024-06-15 · CVE-2017-7957

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: XStream versions 1.4.9 and earlier; Bamboo Data Center and Server version 9.2.1

Description: The issue concerns XStream, where an attempt to create an instance of the primitive type void during unmarshalling can lead to a remote application crash. This can be demonstrated by an xstream.fromXML("<void/>") call. A remote, unauthenticated attacker can exploit this without user interaction to cause a denial of service: there is no impact on confidentiality or integrity, but a high impact on availability.

Recommendations: For XStream versions 1.4.9 and earlier, upgrade to a version greater than 1.4.9. For Bamboo Data Center and Server version 9.2.1, upgrade to a release greater than or equal to 9.2.8.
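As an added illustration of the mitigation (not code from this advisory or from the XStream project), the Java snippet below applies the XStream security framework so that the `<void/>` document from the description is rejected with a `ForbiddenClassException` before any instance is created; the explicit deny of `void` is the workaround XStream documented for CVE-2017-7957 on the affected versions, and the `Greeting` class and its `greeting` alias are assumptions.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class HardenedXStreamDemo {

    // Hypothetical payload type that this application legitimately unmarshals.
    public static class Greeting {
        public String text;
    }

    /** Builds an XStream instance that refuses every type except the ones we expect. */
    static XStream hardened() {
        XStream xstream = new XStream();
        xstream.alias("greeting", Greeting.class);
        xstream.addPermission(NoTypePermission.NONE);              // deny everything first
        xstream.addPermission(NullPermission.NULL);                // then allow null references
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES); // and int, boolean, ...
        xstream.allowTypes(new Class[] { Greeting.class, String.class });
        // XStream's documented workaround for CVE-2017-7957 on 1.4.9 and earlier:
        // deny void explicitly, because deny rules take precedence over allow rules.
        xstream.denyTypes(new Class[] { void.class, Void.class });
        return xstream;
    }

    /** True if the security framework rejected the document, false if it unmarshalled. */
    static boolean rejects(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return false;
        } catch (ForbiddenClassException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        XStream xstream = hardened();
        // Constructed inputs: one legitimate document and the crash trigger from the advisory.
        String legit = "<greeting><text>hi</text></greeting>";
        String poc = "<void/>";
        System.out.println("legitimate document rejected: " + rejects(xstream, legit));
        System.out.println("<void/> rejected: " + rejects(xstream, poc));
    }
}
```

Upgrading past 1.4.9 remains the actual fix; the deny-list only stops the trigger from reaching instantiation on a version that is still vulnerable.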

Tags: Fix · RCE

Related Identifiers

CVE-2017-7957
DLA-930-1
DSA-3841-1
GHSA-7HWC-46RM-65JH
OPENSUSE-SU-2024:10592-1
SUSE-RU-2019:1006-1
SUSE-SU-2017:3389-1
SUSE-SU-2017:3390-1
SUSE-SU-2019:1006-1

Affected Products

Bamboo
Bamboo Data Center/Server
Xstream