Looking at RCEs in the XStream Java Library and How You Can Prevent Them

Introduction

XStream from ThoughtWorks is a simple library to serialize and deserialize objects in XML and JSON format. Compared to alternative XML serialization libraries such as JAXB (JSR-222) and Jackson, developers find XStream both lightweight and easier to integrate within their applications and services. This simplicity, however, comes at a price…

Prabhu Subramanian
