Henry Lin

Results 11 comments of Henry Lin

Dear xstream maintainers, this is a friendly reminder, are you guys interested in onboarding to the OSS-Fuzz platform? If we can not get maintainers from your project we will do...

OSS-Fuzz has found this stackoverflow issue which has already been fixed due to fix by sonarqube. I think there is a potential security risk depending on the context of the...

No problems! We will take over for most of the part then, in the future we will ask questions related to if the bugs found by OSS-Fuzz are really security...

Hello @joehni, We did not look into the commit details of this issue, we get our conclusion based on the fixed revision range of commits on Github. I think the...

Hello @marcelstoer @tomabai thanks for your feedback. Just for clarification, the vulnerabilities are triggered with xstream.fromXML(Malicious_Input). For the [CVE-2022-40151](https://nvd.nist.gov/vuln/detail/CVE-2022-40151), according to the stacktrace it seems like a problem within xstream,...

For the first one [CVE-2022-40151](https://nvd.nist.gov/vuln/detail/CVE-2022-40151) the vulnerable library is still xstream. For the other five, you're right. We will request an update at the vulnerability database to point to woodstox....

Hello KvanTTT, thanks for your reply! If you want I can add your email into the project.yaml of antlr4 on OSS-Fuzz, https://github.com/google/oss-fuzz/blob/ed8ad012a2243a357f67d7f6953f2621a34fad3f/projects/antlr4-java/project.yaml Then you will receive all the emails regarding...

Here you go, [49339.zip](https://github.com/antlr/antlr4/files/9490994/49339.zip) [50093.zip](https://github.com/antlr/antlr4/files/9490996/50093.zip) Please let me know if you have any questions!

At the moment OSS-Fuzz does not support Github actions, but thanks for your feedback

Dear xstream maintainers and users, We have provided detailed information regarding the CVE-2022-40151, please have a look in https://github.com/x-stream/xstream/issues/314. Regarding CVE-2022-40152, CVE-2022-40153, CVE-2022-40154, CVE-2022-40155, CVE-2022-40156, they are addressed in woodstox...