Guykoth

**Name of the Vulnerable Software and Affected Versions** XStream versions prior to 1.4.9 **Description** The issue concerns multiple XML external entity (XXE) vulnerabilities in various drivers of XStream. These vulnerabilities allow remote attackers to read arbitrary files via a crafted XML document. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the affected drivers (Dom4JDriver, DomDriver, JDomDriver, JDom2Driver, SjsxpDriver, StandardStaxDriver, and WstxDriver) until a patch is available.