FKIE_CVE-2021-21345

Vulnerability from fkie_nvd - Published: 2021-03-23 00:15 - Updated: 2025-05-23 17:41
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
References
security-advisories@github.comhttp://x-stream.github.io/changes.html#1.4.16Release Notes, Third Party Advisory
security-advisories@github.comhttps://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4Third Party Advisory
security-advisories@github.comhttps://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3EThird Party Advisory, Issue Tracking, Mailing List
security-advisories@github.comhttps://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3EThird Party Advisory, Issue Tracking, Mailing List
security-advisories@github.comhttps://lists.debian.org/debian-lts-announce/2021/04/msg00002.htmlMailing List, Third Party Advisory
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/Third Party Advisory, Mailing List
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/Third Party Advisory, Mailing List
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/Third Party Advisory, Mailing List
security-advisories@github.comhttps://security.netapp.com/advisory/ntap-20210430-0002/Third Party Advisory
security-advisories@github.comhttps://www.debian.org/security/2021/dsa-5004Third Party Advisory, Mailing List
security-advisories@github.comhttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
security-advisories@github.comhttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security-advisories@github.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Vendor Advisory
security-advisories@github.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
security-advisories@github.comhttps://x-stream.github.io/CVE-2021-21345.htmlExploit, Third Party Advisory
security-advisories@github.comhttps://x-stream.github.io/security.html#workaroundMitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://x-stream.github.io/changes.html#1.4.16Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3EThird Party Advisory, Issue Tracking, Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3EThird Party Advisory, Issue Tracking, Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/04/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/Third Party Advisory, Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/Third Party Advisory, Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/Third Party Advisory, Mailing List
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210430-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-5004Third Party Advisory, Mailing List
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://x-stream.github.io/CVE-2021-21345.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://x-stream.github.io/security.html#workaroundMitigation, Third Party Advisory
Impacted products
Vendor Product Version
netapp oncommand_insight -
apache activemq *
apache activemq 5.16.0
apache activemq 5.16.1
apache jmeter *
xstream xstream *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 33
fedoraproject fedora 34
fedoraproject fedora 35
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
oracle banking_platform 2.4.0
oracle banking_platform 2.7.1
oracle banking_platform 2.9.0
oracle banking_platform 2.12.0
oracle banking_virtual_account_management 14.2.0
oracle banking_virtual_account_management 14.3.0
oracle banking_virtual_account_management 14.5.0
oracle business_activity_monitoring 11.1.1.9.0
oracle business_activity_monitoring 12.2.1.3.0
oracle business_activity_monitoring 12.2.1.4.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
oracle communications_policy_management 12.5.0
oracle communications_unified_inventory_management 7.3.2
oracle communications_unified_inventory_management 7.3.4
oracle communications_unified_inventory_management 7.3.5
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle retail_xstore_point_of_service 16.0.6
oracle retail_xstore_point_of_service 17.0.4
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle webcenter_portal 11.1.1.9.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08739311-087C-4B48-8FD5-DE4CCDD1DE2B",
              "versionEndExcluding": "5.15.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1FC86-4D17-41C5-8307-B3EA9FEDA124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:activemq:5.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "311BB335-06EE-4B7D-B1D7-FA0D1D2F9673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:jmeter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7DFDE4-E63D-49A0-A4EF-D6C5EF06AFD9",
              "versionEndExcluding": "5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61951B4B-1970-447E-AEFA-BFD5E7992640",
              "versionEndExcluding": "1.4.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1534C11-E3F5-49F3-8F8D-7C5C90951E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1111BCFD-E336-4B31-A87E-76C684AC6DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC723E79-8F35-417B-B9D9-6A707F74C1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5700C2E9-5FF2-48EF-AD85-3C03EDA76536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8461A2-428C-4817-92A9-0C671545698D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3784BE26-B268-40F3-9B10-88E50A4400AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16."
    },
    {
      "lang": "es",
      "value": "XStream es una biblioteca de Java para serializar objetos a XML y viceversa.\u0026#xa0;En XStream anterior a la versi\u00f3n 1.4.16, se presenta una vulnerabilidad que puede permitir a un atacante remoto que tenga suficientes derechos ejecutar comandos del host solo manipulando el flujo de entrada procesado.\u0026#xa0;Ning\u00fan usuario est\u00e1 afectado, si sigui\u00f3 la recomendaci\u00f3n de configurar el framework de seguridad de XStream con una lista blanca limitada a los tipos m\u00ednimos requeridos.\u0026#xa0;Si conf\u00eda en la lista negra predeterminada de XStream del Framework de Seguridad, tendr\u00e1 que usar al menos la versi\u00f3n 1.4.16"
    }
  ],
  "id": "CVE-2021-21345",
  "lastModified": "2025-05-23T17:41:10.117",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-23T00:15:12.787",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://x-stream.github.io/changes.html#1.4.16"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "Issue Tracking",
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "Issue Tracking",
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210430-0002/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5004"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://x-stream.github.io/CVE-2021-21345.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://x-stream.github.io/security.html#workaround"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://x-stream.github.io/changes.html#1.4.16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Issue Tracking",
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Issue Tracking",
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210430-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://x-stream.github.io/CVE-2021-21345.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://x-stream.github.io/security.html#workaround"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        },
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.