Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/xstream@1.3.1-16?arch=el7_9

Type rpm

Namespace redhat

Name xstream

Version 1.3.1-16

Qualifiers

arch	el7_9

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-12bx-r37t-3ygm

vulnerability_id

VCID-12bx-r37t-3ygm

summary

Server-Side Request Forgery (SSRF)
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime to Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39150.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39150.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39150

reference_id

reference_type

scores

value	0.02418
scoring_system	epss
scoring_elements	0.85143
published_at	2026-04-18T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.8514
published_at	2026-04-21T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.85119
published_at	2026-04-13T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.85046
published_at	2026-04-01T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.85102
published_at	2026-04-08T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.8508
published_at	2026-04-07T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.85076
published_at	2026-04-04T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.85059
published_at	2026-04-02T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.85122
published_at	2026-04-12T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.85125
published_at	2026-04-11T12:55:00Z

value	0.02418
scoring_system	epss
scoring_elements	0.85109
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39150.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39150.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997786
reference_id	1997786
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39150

reference_id

CVE-2021-39150

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39150

reference_url

https://github.com/advisories/GHSA-cxfm-5m4g-x7xp

reference_id

GHSA-cxfm-5m4g-x7xp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cxfm-5m4g-x7xp

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39150, GHSA-cxfm-5m4g-x7xp

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-12bx-r37t-3ygm

url

VCID-7ma6-2uv1-sbef

vulnerability_id

VCID-7ma6-2uv1-sbef

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39147.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39147.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39147

reference_id

reference_type

scores

value	0.00674
scoring_system	epss
scoring_elements	0.71438
published_at	2026-04-21T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71459
published_at	2026-04-18T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71453
published_at	2026-04-16T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71365
published_at	2026-04-07T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71418
published_at	2026-04-09T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71406
published_at	2026-04-08T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.7139
published_at	2026-04-04T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71373
published_at	2026-04-02T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71407
published_at	2026-04-13T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71425
published_at	2026-04-12T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.7144
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39147.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39147.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997779
reference_id	1997779
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997779

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39147

reference_id

CVE-2021-39147

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39147

reference_url

https://github.com/advisories/GHSA-h7v4-7xg3-hxcc

reference_id

GHSA-h7v4-7xg3-hxcc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h7v4-7xg3-hxcc

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39147, GHSA-h7v4-7xg3-hxcc

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-7ma6-2uv1-sbef

url

VCID-8gha-n6ke-nucu

vulnerability_id

VCID-8gha-n6ke-nucu

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39148.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39148.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39148

reference_id

reference_type

scores

value	0.00674
scoring_system	epss
scoring_elements	0.71438
published_at	2026-04-21T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71459
published_at	2026-04-18T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71453
published_at	2026-04-16T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71365
published_at	2026-04-07T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71418
published_at	2026-04-09T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71406
published_at	2026-04-08T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.7139
published_at	2026-04-04T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71373
published_at	2026-04-02T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71407
published_at	2026-04-13T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71425
published_at	2026-04-12T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.7144
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39148.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39148.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997781
reference_id	1997781
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997781

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39148

reference_id

CVE-2021-39148

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39148

reference_url

https://github.com/advisories/GHSA-qrx8-8545-4wg2

reference_id

GHSA-qrx8-8545-4wg2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qrx8-8545-4wg2

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39148, GHSA-qrx8-8545-4wg2

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-8gha-n6ke-nucu

url

VCID-c5tu-31kw-mfcf

vulnerability_id

VCID-c5tu-31kw-mfcf

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. if using the version out of the box with Java runtime to 8 or with JavaFX installed. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39153.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39153.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39153

reference_id

reference_type

scores

value	0.00674
scoring_system	epss
scoring_elements	0.71438
published_at	2026-04-21T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71459
published_at	2026-04-18T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71453
published_at	2026-04-16T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71365
published_at	2026-04-07T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71418
published_at	2026-04-09T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71406
published_at	2026-04-08T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.7139
published_at	2026-04-04T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71373
published_at	2026-04-02T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71407
published_at	2026-04-13T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71425
published_at	2026-04-12T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.7144
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39153.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39153.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997795
reference_id	1997795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997795

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39153

reference_id

CVE-2021-39153

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39153

reference_url

https://github.com/advisories/GHSA-2q8x-2p7f-574v

reference_id

GHSA-2q8x-2p7f-574v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2q8x-2p7f-574v

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39153, GHSA-2q8x-2p7f-574v

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-c5tu-31kw-mfcf

url

VCID-dxpe-qmxq-ykax

vulnerability_id

VCID-dxpe-qmxq-ykax

summary

Unrestricted Upload of File with Dangerous Type
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with a allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39145.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39145.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39145

reference_id

reference_type

scores

value	0.00618
scoring_system	epss
scoring_elements	0.69988
published_at	2026-04-21T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.70006
published_at	2026-04-18T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69996
published_at	2026-04-16T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69953
published_at	2026-04-13T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69966
published_at	2026-04-12T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69982
published_at	2026-04-11T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69958
published_at	2026-04-09T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69942
published_at	2026-04-08T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69894
published_at	2026-04-07T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69917
published_at	2026-04-04T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69902
published_at	2026-04-02T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69889
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997775
reference_id	1997775
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997775

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39145

reference_id

CVE-2021-39145

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39145

reference_url

https://x-stream.github.io/CVE-2021-39145.html

reference_id

CVE-2021-39145.HTML

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39145.html

reference_url

https://github.com/advisories/GHSA-8jrj-525p-826v

reference_id

GHSA-8jrj-525p-826v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8jrj-525p-826v

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39145, GHSA-8jrj-525p-826v

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-dxpe-qmxq-ykax

url

VCID-eeye-wfxf-x7cc

vulnerability_id

VCID-eeye-wfxf-x7cc

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with a allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39146.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39146.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39146

reference_id

reference_type

scores

value	0.47156
scoring_system	epss
scoring_elements	0.97692
published_at	2026-04-21T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.9769
published_at	2026-04-16T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.97683
published_at	2026-04-13T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.97662
published_at	2026-04-01T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.97674
published_at	2026-04-08T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.9767
published_at	2026-04-07T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.97669
published_at	2026-04-04T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.97668
published_at	2026-04-02T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.97682
published_at	2026-04-12T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.9768
published_at	2026-04-11T12:55:00Z

value	0.47156
scoring_system	epss
scoring_elements	0.97677
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997777
reference_id	1997777
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997777

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39146

reference_id

CVE-2021-39146

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39146

reference_url

https://x-stream.github.io/CVE-2021-39146.html

reference_id

CVE-2021-39146.HTML

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39146.html

reference_url

https://github.com/advisories/GHSA-p8pq-r894-fm8f

reference_id

GHSA-p8pq-r894-fm8f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p8pq-r894-fm8f

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39146, GHSA-p8pq-r894-fm8f

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-eeye-wfxf-x7cc

url

VCID-f779-wcjk-kfc1

vulnerability_id

VCID-f779-wcjk-kfc1

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39154.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39154.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39154

reference_id

reference_type

scores

value	0.00674
scoring_system	epss
scoring_elements	0.71438
published_at	2026-04-21T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71459
published_at	2026-04-18T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71453
published_at	2026-04-16T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71365
published_at	2026-04-07T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71418
published_at	2026-04-09T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71406
published_at	2026-04-08T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.7139
published_at	2026-04-04T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71373
published_at	2026-04-02T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71407
published_at	2026-04-13T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.71425
published_at	2026-04-12T12:55:00Z

value	0.00674
scoring_system	epss
scoring_elements	0.7144
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39154.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39154.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997801
reference_id	1997801
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997801

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39154

reference_id

CVE-2021-39154

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39154

reference_url

https://github.com/advisories/GHSA-6w62-hx7r-mw68

reference_id

GHSA-6w62-hx7r-mw68

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6w62-hx7r-mw68

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39154, GHSA-6w62-hx7r-mw68

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-f779-wcjk-kfc1

url

VCID-na6t-mkxt-3qbw

vulnerability_id

VCID-na6t-mkxt-3qbw

summary

XStream is vulnerable to a Remote Command Execution attack
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with a allow list limited to the minimal required types are not impacted.

references

reference_url

http://packetstormsecurity.com/files/169859/VMware-NSX-Manager-XStream-Unauthenticated-Remote-Code-Execution.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

http://packetstormsecurity.com/files/169859/VMware-NSX-Manager-XStream-Unauthenticated-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39144.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39144.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39144

reference_id

reference_type

scores

value	0.94255
scoring_system	epss
scoring_elements	0.99933
published_at	2026-04-13T12:55:00Z

value	0.94255
scoring_system	epss
scoring_elements	0.99934
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39144

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39144

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997772
reference_id	1997772
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997772

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_id

22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39144

reference_id

CVE-2021-39144

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39144

reference_url

https://x-stream.github.io/CVE-2021-39144.html

reference_id

CVE-2021-39144.HTML

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://x-stream.github.io/CVE-2021-39144.html

reference_url

https://github.com/advisories/GHSA-j9h8-phrw-h4fh

reference_id

GHSA-j9h8-phrw-h4fh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j9h8-phrw-h4fh

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh

reference_id

GHSA-j9h8-phrw-h4fh

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_id

PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_id

QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://access.redhat.com/errata/RHSA-2023:1303
reference_id	RHSA-2023:1303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1303

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39144, GHSA-j9h8-phrw-h4fh

risk_score

10.0

exploitability

2.0

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-na6t-mkxt-3qbw

url

VCID-npjx-vkrd-9bae

vulnerability_id

VCID-npjx-vkrd-9bae

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39141.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39141.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39141

reference_id

reference_type

scores

value	0.81843
scoring_system	epss
scoring_elements	0.99201
published_at	2026-04-21T12:55:00Z

value	0.81843
scoring_system	epss
scoring_elements	0.99199
published_at	2026-04-16T12:55:00Z

value	0.81843
scoring_system	epss
scoring_elements	0.99198
published_at	2026-04-12T12:55:00Z

value	0.81843
scoring_system	epss
scoring_elements	0.99197
published_at	2026-04-13T12:55:00Z

value	0.81843
scoring_system	epss
scoring_elements	0.99196
published_at	2026-04-07T12:55:00Z

value	0.81843
scoring_system	epss
scoring_elements	0.99192
published_at	2026-04-04T12:55:00Z

value	0.81843
scoring_system	epss
scoring_elements	0.9919
published_at	2026-04-02T12:55:00Z

value	0.81843
scoring_system	epss
scoring_elements	0.99188
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997769
reference_id	1997769
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997769

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39141

reference_id

CVE-2021-39141

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39141

reference_url

https://x-stream.github.io/CVE-2021-39141.html

reference_id

CVE-2021-39141.HTML

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39141.html

reference_url

https://github.com/advisories/GHSA-g5w6-mrj7-75h2

reference_id

GHSA-g5w6-mrj7-75h2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g5w6-mrj7-75h2

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39141, GHSA-g5w6-mrj7-75h2

risk_score

10.0

exploitability

2.0

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-npjx-vkrd-9bae

url

VCID-rfc1-r1gr-wffp

vulnerability_id

VCID-rfc1-r1gr-wffp

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39151.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39151.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39151

reference_id

reference_type

scores

value	0.00708
scoring_system	epss
scoring_elements	0.72222
published_at	2026-04-21T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72236
published_at	2026-04-18T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72226
published_at	2026-04-16T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72185
published_at	2026-04-13T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72199
published_at	2026-04-12T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72214
published_at	2026-04-11T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72192
published_at	2026-04-09T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.7218
published_at	2026-04-08T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72143
published_at	2026-04-07T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72166
published_at	2026-04-04T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72145
published_at	2026-04-02T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.7214
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39151.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39151.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997791
reference_id	1997791
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997791

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39151

reference_id

CVE-2021-39151

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39151

reference_url

https://github.com/advisories/GHSA-hph2-m3g5-xxv4

reference_id

GHSA-hph2-m3g5-xxv4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hph2-m3g5-xxv4

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39151, GHSA-hph2-m3g5-xxv4

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rfc1-r1gr-wffp

url

VCID-v7za-zjfx-mqek

vulnerability_id

VCID-v7za-zjfx-mqek

summary

Server-Side Request Forgery (SSRF)
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39152.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39152.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39152

reference_id

reference_type

scores

value	0.61765
scoring_system	epss
scoring_elements	0.98341
published_at	2026-04-21T12:55:00Z

value	0.61765
scoring_system	epss
scoring_elements	0.98342
published_at	2026-04-18T12:55:00Z

value	0.61765
scoring_system	epss
scoring_elements	0.98337
published_at	2026-04-13T12:55:00Z

value	0.61765
scoring_system	epss
scoring_elements	0.98336
published_at	2026-04-11T12:55:00Z

value	0.61765
scoring_system	epss
scoring_elements	0.98333
published_at	2026-04-09T12:55:00Z

value	0.61765
scoring_system	epss
scoring_elements	0.98328
published_at	2026-04-07T12:55:00Z

value	0.61765
scoring_system	epss
scoring_elements	0.98325
published_at	2026-04-04T12:55:00Z

value	0.61765
scoring_system	epss
scoring_elements	0.98323
published_at	2026-04-02T12:55:00Z

value	0.61765
scoring_system	epss
scoring_elements	0.98321
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39152.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39152.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997793
reference_id	1997793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997793

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39152

reference_id

CVE-2021-39152

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39152

reference_url

https://github.com/advisories/GHSA-xw4p-crpj-vjx2

reference_id

GHSA-xw4p-crpj-vjx2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xw4p-crpj-vjx2

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39152, GHSA-xw4p-crpj-vjx2

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-v7za-zjfx-mqek

url

VCID-wehr-d623-akaj

vulnerability_id

VCID-wehr-d623-akaj

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to allocate % CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39140.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39140.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39140

reference_id

reference_type

scores

value	0.00138
scoring_system	epss
scoring_elements	0.33938
published_at	2026-04-21T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.3397
published_at	2026-04-18T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.34053
published_at	2026-04-02T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.3371
published_at	2026-04-01T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33972
published_at	2026-04-12T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33948
published_at	2026-04-13T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.34083
published_at	2026-04-04T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33942
published_at	2026-04-07T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33984
published_at	2026-04-16T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.34015
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39140.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39140.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997765
reference_id	1997765
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997765

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39140

reference_id

CVE-2021-39140

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39140

reference_url

https://github.com/advisories/GHSA-6wf9-jmg9-vxcc

reference_id

GHSA-6wf9-jmg9-vxcc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6wf9-jmg9-vxcc

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39140, GHSA-6wf9-jmg9-vxcc

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-wehr-d623-akaj

url

VCID-xsr8-3cke-33ck

vulnerability_id

VCID-xsr8-3cke-33ck

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39149.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39149.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39149

reference_id

reference_type

scores

value	0.00708
scoring_system	epss
scoring_elements	0.72222
published_at	2026-04-21T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72236
published_at	2026-04-18T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72226
published_at	2026-04-16T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72185
published_at	2026-04-13T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72199
published_at	2026-04-12T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72214
published_at	2026-04-11T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72192
published_at	2026-04-09T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.7218
published_at	2026-04-08T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72143
published_at	2026-04-07T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72166
published_at	2026-04-04T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.72145
published_at	2026-04-02T12:55:00Z

value	0.00708
scoring_system	epss
scoring_elements	0.7214
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://x-stream.github.io/CVE-2021-39149.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39149.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997784
reference_id	1997784
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997784

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39149

reference_id

CVE-2021-39149

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39149

reference_url

https://github.com/advisories/GHSA-3ccq-5vw3-2p6x

reference_id

GHSA-3ccq-5vw3-2p6x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3ccq-5vw3-2p6x

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39149, GHSA-3ccq-5vw3-2p6x

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xsr8-3cke-33ck

url

VCID-yuwe-6pp1-bke2

vulnerability_id

VCID-yuwe-6pp1-bke2

summary

Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again.However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39139.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39139.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39139

reference_id

reference_type

scores

value	0.00838
scoring_system	epss
scoring_elements	0.74704
published_at	2026-04-21T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74713
published_at	2026-04-18T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74705
published_at	2026-04-16T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74622
published_at	2026-04-01T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74697
published_at	2026-04-11T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74674
published_at	2026-04-09T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74659
published_at	2026-04-08T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74628
published_at	2026-04-07T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74653
published_at	2026-04-04T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74626
published_at	2026-04-02T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74668
published_at	2026-04-13T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74677
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/x-stream/xstream

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream

reference_url

https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44

reference_url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

reference_url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210923-0003

reference_url	https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210923-0003/

reference_url

https://www.debian.org/security/2021/dsa-5004

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-5004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1997763
reference_id	1997763
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1997763

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id	998054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39139

reference_id

CVE-2021-39139

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39139

reference_url

https://x-stream.github.io/CVE-2021-39139.html

reference_id

CVE-2021-39139.HTML

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://x-stream.github.io/CVE-2021-39139.html

reference_url

https://github.com/advisories/GHSA-64xx-cq4q-mf44

reference_id

GHSA-64xx-cq4q-mf44

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-64xx-cq4q-mf44

reference_url	https://access.redhat.com/errata/RHSA-2021:3956
reference_id	RHSA-2021:3956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3956

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:4918
reference_id	RHSA-2021:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:0296
reference_id	RHSA-2022:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0296

reference_url	https://access.redhat.com/errata/RHSA-2022:0297
reference_id	RHSA-2022:0297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0297

reference_url	https://access.redhat.com/errata/RHSA-2022:0520
reference_id	RHSA-2022:0520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0520

reference_url	https://usn.ubuntu.com/5946-1/
reference_id	USN-5946-1
reference_type
scores
url	https://usn.ubuntu.com/5946-1/

fixed_packages

aliases

CVE-2021-39139, GHSA-64xx-cq4q-mf44

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-yuwe-6pp1-bke2

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xstream@1.3.1-16%3Farch=el7_9

Package Instance