{"id":"CVE-2016-3674","details":"Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.","aliases":["GHSA-rgh3-987h-wpmw"],"modified":"2026-03-20T11:09:20.472437Z","published":"2016-05-17T14:08:03.607Z","related":["MGASA-2016-0164","openSUSE-SU-2024:10592-1"],"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036419"},{"type":"ADVISORY","url":"http://x-stream.github.io/changes.html#1.4.9"},{"type":"ADVISORY","url":"https://github.com/x-stream/xstream/issues/25"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2822.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/03/28/1"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/85381"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2823.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3575"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/03/25/8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/x-stream/xstream","events":[{"introduced":"0"},{"fixed":"f66bbea1b383e705988abf8d06ea9782a73f24d4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.9"}]}}],"versions":["XSTREAM_1_4_5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3674.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22"}]},{"events":[{"introduced":"0"},{"last_affected":"23"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}