xstream core is vulnerable to Denial Of Service(DoS). The vulnerability exists in the unmarshal
function in XStream.java
due to a stack overflow which allows an attacker to manipulate the processed input stream at unmarshalling time and replace or inject objects calculating a recursive hash set.