XStream is an open source Java class library that is mainly used to serialize objects to XML (JSON) or deserialize them to objects.XStream 1.4.17 and previous versions have a server-side request forgery vulnerability, which can be used by remote attackers to submit special requests that can obtain sensitive information.