XML-to-Object Transformer Reference
Purpose: Use a XML-to-Object transformer to transform XML data to a Java Object (also referred to as Java Bean graphs) using XStream.
Minimum Configuration: The name of the XStream driver class.
Discussion: A XML-to-Object transformer transforms XML data using the specified XStream driver class.
Important: Mule uses XStream 1.4.2. The XML-to-object transformer is vulnerable to CVE-2013-7285. A remote attacker can send messages to an XML-to-object transformer and can achieve remote code execution (RCE). For more information, see XML Issues in Mule ESB or contact MuleSoft Customer Support.
In addition to the properties common to all transformers, you can also specify class aliases and converters.
Use the General tab to specify or browse to the XStream driver class.
Use the Advanced tab to optionally configure the properties standard to all transformers, plus add or change class aliases and class converters.
Use the Aliases pane to create, edit, or delete aliases for specific classes. Similarly, use the Converters pane to create, edit, or delete class converters.
Mule ESB Reference:
For more information, see here.