Exploiting Deserialization Vulnerabilities in XStream
XStream is a popular Java library for serializing objects to XML and back. However, versions prior to 1.4.15 (and, for some of the issues, later releases as well) are vulnerable to deserialization attacks that can lead to remote code execution, because the XML input itself names the classes XStream will instantiate. This article explores the internals of XStream's deserialization mechanism and demonstrates how three critical CVEs (CVE-2021-2 ...
Posted on Wed, 20 May 2026 02:47:44 +0000 by skymanj
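The root of the problem described above is that an XStream instance without a type allowlist will instantiate whatever class the root element (or any nested element) names. The following added example, which is not code from the article or from the XStream project, shows the unsafe configuration next to the hardened one. It uses only public XStream API (`alias`, `addPermission`, `allowTypes`, `allowTypesByWildcard`, `toXML`, `fromXML`) and the `ForbiddenClassException` type. The `Message` class, the package name `com.example`, and both XML documents are constructed for the demonstration; `java.lang.ProcessBuilder` appears only as a stand-in for "a type the application never expects", and no gadget chain is shown.

```java
package com.example;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.AnyTypePermission;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistDemo {

    // Hypothetical application type: the only object the service expects to receive.
    public static class Message {
        public String sender;
        public String body;
    }

    // Constructed input: a legitimate document for the expected type.
    static final String EXPECTED_XML =
        "<message><sender>alice</sender><body>hello</body></message>";

    // Constructed input: the root element names a class the application never uses.
    // An unrestricted XStream instance instantiates it anyway, because the type
    // comes from the attacker-controlled document, not from application code.
    static final String UNEXPECTED_XML = "<java.lang.ProcessBuilder/>";

    // The unsafe configuration. Before 1.4.18 this was the behaviour of a plain
    // new XStream(); on 1.4.18 and later the same behaviour has to be opted into
    // explicitly with AnyTypePermission, which is what makes it easy to spot in review.
    static XStream unsafeInstance() {
        XStream xs = new XStream();
        xs.addPermission(AnyTypePermission.ANY);
        xs.alias("message", Message.class);
        return xs;
    }

    // The hardened configuration: deny everything, then allow only what the
    // application actually exchanges. Order matters: NoTypePermission.NONE clears
    // any previously registered permission, so it must come first.
    static XStream hardenedInstance() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] { String.class, Message.class });
        // Wildcards are acceptable for a package you own; never use "**" alone.
        xs.allowTypesByWildcard(new String[] { "com.example.model.**" });
        xs.alias("message", Message.class);
        return xs;
    }

    public static void main(String[] args) {
        XStream unsafe = unsafeInstance();
        XStream hardened = hardenedInstance();

        // Both instances round-trip the legitimate document.
        Message m = (Message) hardened.fromXML(EXPECTED_XML);
        System.out.println("hardened accepted: " + m.sender + " / " + m.body);
        System.out.println("serialized back:   " + hardened.toXML(m));

        // The unrestricted instance instantiates an arbitrary class named by the input.
        Object o = unsafe.fromXML(UNEXPECTED_XML);
        System.out.println("unsafe instantiated: " + o.getClass().getName());

        // The hardened instance refuses before any object of that type is created.
        try {
            hardened.fromXML(UNEXPECTED_XML);
            System.out.println("hardened accepted unexpected type (should not happen)");
        } catch (ForbiddenClassException e) {
            System.out.println("hardened rejected: " + e.getMessage());
        }
    }
}
```

The useful check for a practitioner is the last block: a correctly configured instance throws `ForbiddenClassException` as soon as the parser reaches an element naming a type outside the allowlist, which is before any converter or constructor for that type runs. When auditing a code base, search for `AnyTypePermission`, for `XStream` instances that never call `allowTypes`/`allowTypesByWildcard`, and for dependency versions below 1.4.18, where a plain `new XStream()` still carried the permissive default.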