[jira] [Updated] (HBASE-26171) XmlMessageRenderer has the risk of XStream deserialization

Zixuan Liu (Jira) Thu, 05 Aug 2021 00:25:06 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-26171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Zixuan Liu updated HBASE-26171:
-------------------------------
    Description: 
XmlMessageRenderer.getXstream() method:

```

public XStream getXstream() {
  if (xstream == null) {
    xstream = new XStream();
  }
  return xstream;
 }

```
 There is a risk of XStream deserialization.

  was:
XmlMessageRenderer.getXstream() method:

```
public XStream getXstream() {
 if (xstream == null) {
 xstream = new XStream();
 }
 return xstream;
 }

```
There is a risk of XStream deserialization.


> XmlMessageRenderer has the risk of XStream deserialization
> ----------------------------------------------------------
>
>                 Key: HBASE-26171
>                 URL: https://issues.apache.org/jira/browse/HBASE-26171
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Zixuan Liu
>            Priority: Major
>
> XmlMessageRenderer.getXstream() method:
> ```
> public XStream getXstream() {
>   if (xstream == null) {
>     xstream = new XStream();
>   }
>   return xstream;
>  }
> ```
>  There is a risk of XStream deserialization.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (HBASE-26171) XmlMessageRenderer has the risk of XStream deserialization

Reply via email to