Thread: Security XStream Problems

Results 1 to 2 of 2
  1. #1 Security XStream Problems 
    Registered Member
    Join Date
    May 2017
    Age
    25
    Posts
    222
    Thanks given
    2
    Thanks received
    5
    Rep Power
    0
    So I have been seeing alot of people run into this issue & alot of people ask about it aswell including myself I was once asking about it.. But the problem here is pretty self explained if you really put thought into it..


    If you're running into this error -
    Code:
    com.thoughtworks.xstream.security.ForbiddenClassException: com.client.ItemBonusDefinition
        at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
    Heres the simple fix..

    First off you need to update your XStream from the 1.3.1 version to this current version. XStream Updated version.

    And if you look at the error it includes
    Code:
    NoTypePermission.java:26
    Its implying at the ItemDef folder XStream needs to have permission there in order for your client to work.

    So what you have to do is allow xstreams security permission. As shown below.

    CTRL H - FIND
    Code:
    xStream.alias("ItemBonusDefinition", ItemBonusDefinition.class);
    And right below ItemBonusDefinition Class post this
    Code:
    xStream.addPermission(AnyTypePermission.ANY);
    & this should fix your error.



    Reply With Quote  
     

  2. #2  
    Registered Member
    Join Date
    Apr 2023
    Posts
    7
    Thanks given
    0
    Thanks received
    1
    Rep Power
    0
    I assume this was never commented on because people don't care about some of these very nasty CVE i think thats the problem i have seen servers released using mysql 3.0.13 jar? in 2010+ you know this jar for mysql connection came out in 2005!! i had to look it up.

    A list of the vulnerabilities for 1.31.1

    com.thoughtworks.xstream:xstream 1.3.1 vulnerabilities | Snyk
    Reply With Quote  
     


Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Replies: 2
    Last Post: 03-31-2015, 05:18 AM
  2. Security problems with webclients
    By r0fl dr0pped in forum Snippets
    Replies: 2
    Last Post: 02-17-2014, 07:40 PM
  3. Xampp Security Problem
    By 'Zeros' in forum Website Development
    Replies: 22
    Last Post: 12-11-2010, 03:19 AM
  4. Fixing Log In\Out Problem
    By _Fear in forum Tutorials
    Replies: 11
    Last Post: 04-14-2010, 10:35 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •