Look up vulnerable packages by Package URL.

Purl pkg:rpm/redhat/xstream@1.3.1-13?arch=el7_9
Type rpm
Namespace redhat
Name xstream
Version 1.3.1-13
Qualifiers
arch el7_9
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-6mz4-fu3s-vycx
vulnerability_id VCID-6mz4-fu3s-vycx
summary
XStream is vulnerable to an Arbitrary Code Execution attack
### Impact
The vulnerability may allow a remote attacker to execute arbitrary code merely by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types are not affected.

### Patches
If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.

### Workarounds
See [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21350](https://x-stream.github.io/CVE-2021-21350.html).

### Credits
The vulnerability was discovered and reported by threedr3am.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)
* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21350.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21350.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21350
reference_id
reference_type
scores
0
value 0.08761
scoring_system epss
scoring_elements 0.92525
published_at 2026-04-21T12:55:00Z
1
value 0.08761
scoring_system epss
scoring_elements 0.92521
published_at 2026-04-18T12:55:00Z
2
value 0.08761
scoring_system epss
scoring_elements 0.92471
published_at 2026-04-01T12:55:00Z
3
value 0.08761
scoring_system epss
scoring_elements 0.92522
published_at 2026-04-16T12:55:00Z
4
value 0.08761
scoring_system epss
scoring_elements 0.92513
published_at 2026-04-12T12:55:00Z
5
value 0.08761
scoring_system epss
scoring_elements 0.92511
published_at 2026-04-13T12:55:00Z
6
value 0.08761
scoring_system epss
scoring_elements 0.92505
published_at 2026-04-09T12:55:00Z
7
value 0.08761
scoring_system epss
scoring_elements 0.925
published_at 2026-04-08T12:55:00Z
8
value 0.08761
scoring_system epss
scoring_elements 0.92489
published_at 2026-04-07T12:55:00Z
9
value 0.08761
scoring_system epss
scoring_elements 0.92485
published_at 2026-04-04T12:55:00Z
10
value 0.08761
scoring_system epss
scoring_elements 0.92477
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21350
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21350
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21350
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq
6
reference_url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
8
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21350
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21350
16
reference_url https://security.netapp.com/advisory/ntap-20210430-0002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210430-0002
17
reference_url https://security.netapp.com/advisory/ntap-20210430-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210430-0002/
18
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
19
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
20
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
21
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
22
reference_url https://x-stream.github.io/CVE-2021-21350.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-21350.html
23
reference_url https://x-stream.github.io/security.html#workaround
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/security.html#workaround
24
reference_url http://x-stream.github.io/changes.html#1.4.16
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://x-stream.github.io/changes.html#1.4.16
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1942637
reference_id 1942637
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1942637
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
reference_id 985843
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
27
reference_url https://github.com/advisories/GHSA-43gc-mjxg-gvrq
reference_id GHSA-43gc-mjxg-gvrq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43gc-mjxg-gvrq
28
reference_url https://access.redhat.com/errata/RHSA-2021:1354
reference_id RHSA-2021:1354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1354
29
reference_url https://access.redhat.com/errata/RHSA-2021:2139
reference_id RHSA-2021:2139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2139
30
reference_url https://access.redhat.com/errata/RHSA-2021:2475
reference_id RHSA-2021:2475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2475
31
reference_url https://access.redhat.com/errata/RHSA-2021:2476
reference_id RHSA-2021:2476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2476
32
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
33
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
34
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
35
reference_url https://usn.ubuntu.com/4943-1/
reference_id USN-4943-1
reference_type
scores
url https://usn.ubuntu.com/4943-1/
36
reference_url https://usn.ubuntu.com/6978-1/
reference_id USN-6978-1
reference_type
scores
url https://usn.ubuntu.com/6978-1/
fixed_packages
aliases CVE-2021-21350, GHSA-43gc-mjxg-gvrq
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mz4-fu3s-vycx
1
url VCID-nrf7-heu6-vfdc
vulnerability_id VCID-nrf7-heu6-vfdc
summary
XStream is vulnerable to an Arbitrary Code Execution attack
### Impact
The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host merely by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types are not affected.

### Patches
If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.

### Workarounds
See [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21344](https://x-stream.github.io/CVE-2021-21344.html).

### Credits
钟潦贵 (Liaogui Zhong) found and reported the issue to XStream and provided the required information to reproduce it.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)
* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21344.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21344.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21344
reference_id
reference_type
scores
0
value 0.30602
scoring_system epss
scoring_elements 0.96727
published_at 2026-04-21T12:55:00Z
1
value 0.30602
scoring_system epss
scoring_elements 0.96724
published_at 2026-04-18T12:55:00Z
2
value 0.30602
scoring_system epss
scoring_elements 0.96682
published_at 2026-04-01T12:55:00Z
3
value 0.30602
scoring_system epss
scoring_elements 0.9672
published_at 2026-04-16T12:55:00Z
4
value 0.30602
scoring_system epss
scoring_elements 0.96714
published_at 2026-04-13T12:55:00Z
5
value 0.30602
scoring_system epss
scoring_elements 0.96711
published_at 2026-04-12T12:55:00Z
6
value 0.30602
scoring_system epss
scoring_elements 0.96708
published_at 2026-04-09T12:55:00Z
7
value 0.30602
scoring_system epss
scoring_elements 0.96706
published_at 2026-04-08T12:55:00Z
8
value 0.30602
scoring_system epss
scoring_elements 0.96699
published_at 2026-04-07T12:55:00Z
9
value 0.30602
scoring_system epss
scoring_elements 0.96694
published_at 2026-04-04T12:55:00Z
10
value 0.30602
scoring_system epss
scoring_elements 0.96693
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21344
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21344
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21344
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3
6
reference_url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
8
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21344
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21344
16
reference_url https://security.netapp.com/advisory/ntap-20210430-0002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210430-0002
17
reference_url https://security.netapp.com/advisory/ntap-20210430-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210430-0002/
18
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
19
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
20
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
21
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
22
reference_url https://x-stream.github.io/CVE-2021-21344.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-21344.html
23
reference_url https://x-stream.github.io/security.html#workaround
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/security.html#workaround
24
reference_url http://x-stream.github.io/changes.html#1.4.16
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://x-stream.github.io/changes.html#1.4.16
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1942554
reference_id 1942554
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1942554
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
reference_id 985843
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
27
reference_url https://github.com/advisories/GHSA-59jw-jqf4-3wq3
reference_id GHSA-59jw-jqf4-3wq3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59jw-jqf4-3wq3
28
reference_url https://access.redhat.com/errata/RHSA-2021:1354
reference_id RHSA-2021:1354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1354
29
reference_url https://access.redhat.com/errata/RHSA-2021:2139
reference_id RHSA-2021:2139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2139
30
reference_url https://access.redhat.com/errata/RHSA-2021:2475
reference_id RHSA-2021:2475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2475
31
reference_url https://access.redhat.com/errata/RHSA-2021:2476
reference_id RHSA-2021:2476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2476
32
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
33
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
34
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
35
reference_url https://usn.ubuntu.com/4943-1/
reference_id USN-4943-1
reference_type
scores
url https://usn.ubuntu.com/4943-1/
36
reference_url https://usn.ubuntu.com/6978-1/
reference_id USN-6978-1
reference_type
scores
url https://usn.ubuntu.com/6978-1/
fixed_packages
aliases CVE-2021-21344, GHSA-59jw-jqf4-3wq3
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrf7-heu6-vfdc
2
url VCID-qh44-75jb-wbhf
vulnerability_id VCID-qh44-75jb-wbhf
summary
XStream is vulnerable to a Remote Command Execution attack
### Impact
The vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host merely by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types are not affected.

### Patches
If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.

### Workarounds
See [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21345](https://x-stream.github.io/CVE-2021-21345.html).

### Credits
钟潦贵 (Liaogui Zhong) found and reported the issue to XStream and provided the required information to reproduce it.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)
* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21345.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21345.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21345
reference_id
reference_type
scores
0
value 0.88091
scoring_system epss
scoring_elements 0.99489
published_at 2026-04-21T12:55:00Z
1
value 0.88091
scoring_system epss
scoring_elements 0.99488
published_at 2026-04-18T12:55:00Z
2
value 0.88091
scoring_system epss
scoring_elements 0.99486
published_at 2026-04-13T12:55:00Z
3
value 0.88091
scoring_system epss
scoring_elements 0.99479
published_at 2026-04-02T12:55:00Z
4
value 0.88091
scoring_system epss
scoring_elements 0.99483
published_at 2026-04-07T12:55:00Z
5
value 0.88091
scoring_system epss
scoring_elements 0.99481
published_at 2026-04-04T12:55:00Z
6
value 0.88091
scoring_system epss
scoring_elements 0.99484
published_at 2026-04-08T12:55:00Z
7
value 0.88091
scoring_system epss
scoring_elements 0.99485
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21345
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21345
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4
6
reference_url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
8
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21345
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21345
16
reference_url https://security.netapp.com/advisory/ntap-20210430-0002
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210430-0002
17
reference_url https://security.netapp.com/advisory/ntap-20210430-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210430-0002/
18
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
19
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
20
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
21
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
22
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
23
reference_url https://x-stream.github.io/CVE-2021-21345.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-21345.html
24
reference_url https://x-stream.github.io/security.html#workaround
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/security.html#workaround
25
reference_url http://x-stream.github.io/changes.html#1.4.16
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://x-stream.github.io/changes.html#1.4.16
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1942558
reference_id 1942558
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1942558
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
reference_id 985843
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
28
reference_url https://github.com/advisories/GHSA-hwpc-8xqv-jvj4
reference_id GHSA-hwpc-8xqv-jvj4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hwpc-8xqv-jvj4
29
reference_url https://access.redhat.com/errata/RHSA-2021:1354
reference_id RHSA-2021:1354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1354
30
reference_url https://access.redhat.com/errata/RHSA-2021:2139
reference_id RHSA-2021:2139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2139
31
reference_url https://access.redhat.com/errata/RHSA-2021:2475
reference_id RHSA-2021:2475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2475
32
reference_url https://access.redhat.com/errata/RHSA-2021:2476
reference_id RHSA-2021:2476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2476
33
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
34
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
35
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
36
reference_url https://usn.ubuntu.com/4943-1/
reference_id USN-4943-1
reference_type
scores
url https://usn.ubuntu.com/4943-1/
37
reference_url https://usn.ubuntu.com/6978-1/
reference_id USN-6978-1
reference_type
scores
url https://usn.ubuntu.com/6978-1/
fixed_packages
aliases CVE-2021-21345, GHSA-hwpc-8xqv-jvj4
risk_score 10.0
exploitability 2.0
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qh44-75jb-wbhf
3
url VCID-vpxs-6wcf-ckh9
vulnerability_id VCID-vpxs-6wcf-ckh9
summary
XStream is vulnerable to an Arbitrary Code Execution attack
### Impact
The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host solely by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types are not affected.

### Patches
If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.

### Workarounds
See [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21346](https://x-stream.github.io/CVE-2021-21346.html).

### Credits
wh1t3p1g G5-RD6@IIE found and reported the issue to XStream and provided the required information to reproduce it.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)
* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21346.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21346.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21346
reference_id
reference_type
scores
0
value 0.03665
scoring_system epss
scoring_elements 0.8791
published_at 2026-04-21T12:55:00Z
1
value 0.03665
scoring_system epss
scoring_elements 0.87911
published_at 2026-04-18T12:55:00Z
2
value 0.03665
scoring_system epss
scoring_elements 0.8784
published_at 2026-04-01T12:55:00Z
3
value 0.03665
scoring_system epss
scoring_elements 0.87912
published_at 2026-04-16T12:55:00Z
4
value 0.03665
scoring_system epss
scoring_elements 0.87898
published_at 2026-04-13T12:55:00Z
5
value 0.03665
scoring_system epss
scoring_elements 0.87899
published_at 2026-04-12T12:55:00Z
6
value 0.03665
scoring_system epss
scoring_elements 0.87906
published_at 2026-04-11T12:55:00Z
7
value 0.03665
scoring_system epss
scoring_elements 0.87894
published_at 2026-04-09T12:55:00Z
8
value 0.03665
scoring_system epss
scoring_elements 0.87888
published_at 2026-04-08T12:55:00Z
9
value 0.03665
scoring_system epss
scoring_elements 0.87866
published_at 2026-04-07T12:55:00Z
10
value 0.03665
scoring_system epss
scoring_elements 0.87863
published_at 2026-04-04T12:55:00Z
11
value 0.03665
scoring_system epss
scoring_elements 0.8785
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21346
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21346
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr
6
reference_url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
8
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21346
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21346
16
reference_url https://security.netapp.com/advisory/ntap-20210430-0002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210430-0002
17
reference_url https://security.netapp.com/advisory/ntap-20210430-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210430-0002/
18
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
19
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
20
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
21
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
22
reference_url https://x-stream.github.io/CVE-2021-21346.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-21346.html
23
reference_url https://x-stream.github.io/security.html#workaround
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/security.html#workaround
24
reference_url http://x-stream.github.io/changes.html#1.4.16
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://x-stream.github.io/changes.html#1.4.16
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1942578
reference_id 1942578
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1942578
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
reference_id 985843
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
27
reference_url https://github.com/advisories/GHSA-4hrm-m67v-5cxr
reference_id GHSA-4hrm-m67v-5cxr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4hrm-m67v-5cxr
28
reference_url https://access.redhat.com/errata/RHSA-2021:1354
reference_id RHSA-2021:1354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1354
29
reference_url https://access.redhat.com/errata/RHSA-2021:2139
reference_id RHSA-2021:2139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2139
30
reference_url https://access.redhat.com/errata/RHSA-2021:2475
reference_id RHSA-2021:2475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2475
31
reference_url https://access.redhat.com/errata/RHSA-2021:2476
reference_id RHSA-2021:2476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2476
32
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
33
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
34
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
35
reference_url https://usn.ubuntu.com/4943-1/
reference_id USN-4943-1
reference_type
scores
url https://usn.ubuntu.com/4943-1/
36
reference_url https://usn.ubuntu.com/6978-1/
reference_id USN-6978-1
reference_type
scores
url https://usn.ubuntu.com/6978-1/
fixed_packages
aliases CVE-2021-21346, GHSA-4hrm-m67v-5cxr
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpxs-6wcf-ckh9
4
url VCID-xdpy-sx55-b3ac
vulnerability_id VCID-xdpy-sx55-b3ac
summary
XStream is vulnerable to an Arbitrary Code Execution attack
### Impact
The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host solely by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types are not affected.

### Patches
If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.

### Workarounds
See [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21347](https://x-stream.github.io/CVE-2021-21347.html).

### Credits
The vulnerability was discovered and reported by threedr3am.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)
* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21347.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21347.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21347
reference_id
reference_type
scores
0
value 0.03287
scoring_system epss
scoring_elements 0.87208
published_at 2026-04-21T12:55:00Z
1
value 0.03287
scoring_system epss
scoring_elements 0.87215
published_at 2026-04-18T12:55:00Z
2
value 0.03287
scoring_system epss
scoring_elements 0.8714
published_at 2026-04-01T12:55:00Z
3
value 0.03287
scoring_system epss
scoring_elements 0.8721
published_at 2026-04-16T12:55:00Z
4
value 0.03287
scoring_system epss
scoring_elements 0.87194
published_at 2026-04-13T12:55:00Z
5
value 0.03287
scoring_system epss
scoring_elements 0.87199
published_at 2026-04-12T12:55:00Z
6
value 0.03287
scoring_system epss
scoring_elements 0.87205
published_at 2026-04-11T12:55:00Z
7
value 0.03287
scoring_system epss
scoring_elements 0.87191
published_at 2026-04-09T12:55:00Z
8
value 0.03287
scoring_system epss
scoring_elements 0.87185
published_at 2026-04-08T12:55:00Z
9
value 0.03287
scoring_system epss
scoring_elements 0.87165
published_at 2026-04-07T12:55:00Z
10
value 0.03287
scoring_system epss
scoring_elements 0.87168
published_at 2026-04-04T12:55:00Z
11
value 0.03287
scoring_system epss
scoring_elements 0.87151
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21347
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21347
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f
6
reference_url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
8
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21347
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21347
16
reference_url https://security.netapp.com/advisory/ntap-20210430-0002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210430-0002
17
reference_url https://security.netapp.com/advisory/ntap-20210430-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210430-0002/
18
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
19
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
20
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
21
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
22
reference_url https://x-stream.github.io/CVE-2021-21347.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-21347.html
23
reference_url https://x-stream.github.io/security.html#workaround
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/security.html#workaround
24
reference_url http://x-stream.github.io/changes.html#1.4.16
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://x-stream.github.io/changes.html#1.4.16
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1942629
reference_id 1942629
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1942629
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
reference_id 985843
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843
27
reference_url https://github.com/advisories/GHSA-qpfq-ph7r-qv6f
reference_id GHSA-qpfq-ph7r-qv6f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpfq-ph7r-qv6f
28
reference_url https://access.redhat.com/errata/RHSA-2021:1354
reference_id RHSA-2021:1354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1354
29
reference_url https://access.redhat.com/errata/RHSA-2021:2139
reference_id RHSA-2021:2139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2139
30
reference_url https://access.redhat.com/errata/RHSA-2021:2475
reference_id RHSA-2021:2475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2475
31
reference_url https://access.redhat.com/errata/RHSA-2021:2476
reference_id RHSA-2021:2476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2476
32
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
33
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
34
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
35
reference_url https://usn.ubuntu.com/4943-1/
reference_id USN-4943-1
reference_type
scores
url https://usn.ubuntu.com/4943-1/
36
reference_url https://usn.ubuntu.com/6978-1/
reference_id USN-6978-1
reference_type
scores
url https://usn.ubuntu.com/6978-1/
fixed_packages
aliases CVE-2021-21347, GHSA-qpfq-ph7r-qv6f
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdpy-sx55-b3ac
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xstream@1.3.1-13%3Farch=el7_9