Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
Type maven
Namespace com.thoughtworks.xstream
Name xstream
Version 1.4.18
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.4.21
Latest_non_vulnerable_version 1.4.21
Affected_by_vulnerabilities
0
url VCID-9442-1vwr-5fbt
vulnerability_id VCID-9442-1vwr-5fbt
summary
XStream can cause Denial of Service via stack overflow
### Impact
The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream.

### Patches
XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead.

### Workarounds
The attack uses the hash code implementation for collections and maps to force recursive hash calculation, causing a stack overflow. The following types of the Java runtime are affected:

- java.util.HashMap
- java.util.HashSet
- java.util.Hashtable
- java.util.LinkedHashMap
- java.util.LinkedHashSet
- Other third party collection implementations that use their element's hash code may also be affected

A simple solution is to catch the StackOverflowError in the client code calling XStream.

If your object graph does not use referenced elements at all, you may simply set the NO_REFERENCES mode:
```Java
XStream xstream = new XStream();
xstream.setMode(XStream.NO_REFERENCES);
```

If your object graph contains neither a Hashtable, HashMap nor a HashSet (or one of the linked variants of it) then you can use the security framework to deny the usage of these types:
```Java
XStream xstream = new XStream();
xstream.denyTypes(new Class[]{
 java.util.HashMap.class, java.util.HashSet.class, java.util.Hashtable.class, java.util.LinkedHashMap.class, java.util.LinkedHashSet.class
});
```

Unfortunately these types are very common. If you only use HashMap or HashSet and your XML refers to these only as default map or set, you may additionally change the default implementation of java.util.Map and java.util.Set at unmarshalling time:
```Java
xstream.addDefaultImplementation(java.util.TreeMap.class, java.util.Map.class);
xstream.addDefaultImplementation(java.util.TreeSet.class, java.util.Set.class);
```
However, this implies that your application does not care about the implementation of the map and all elements are comparable.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2022-41966](https://x-stream.github.io/CVE-2022-41966.html).

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)
* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41966.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41966.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41966
reference_id
reference_type
scores
0
value 0.02376
scoring_system epss
scoring_elements 0.84996
published_at 2026-04-18T12:55:00Z
1
value 0.02376
scoring_system epss
scoring_elements 0.84911
published_at 2026-04-02T12:55:00Z
2
value 0.02376
scoring_system epss
scoring_elements 0.84929
published_at 2026-04-04T12:55:00Z
3
value 0.02376
scoring_system epss
scoring_elements 0.84934
published_at 2026-04-07T12:55:00Z
4
value 0.02376
scoring_system epss
scoring_elements 0.84957
published_at 2026-04-08T12:55:00Z
5
value 0.02376
scoring_system epss
scoring_elements 0.84963
published_at 2026-04-09T12:55:00Z
6
value 0.02376
scoring_system epss
scoring_elements 0.84979
published_at 2026-04-11T12:55:00Z
7
value 0.02376
scoring_system epss
scoring_elements 0.84978
published_at 2026-04-12T12:55:00Z
8
value 0.02376
scoring_system epss
scoring_elements 0.84973
published_at 2026-04-13T12:55:00Z
9
value 0.02376
scoring_system epss
scoring_elements 0.84994
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41966
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41966
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41966
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T14:50:46Z/
url https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41966
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41966
7
reference_url https://x-stream.github.io/CVE-2022-41966.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T14:50:46Z/
url https://x-stream.github.io/CVE-2022-41966.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027754
reference_id 1027754
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027754
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170431
reference_id 2170431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170431
10
reference_url https://github.com/advisories/GHSA-j563-grx4-pjpv
reference_id GHSA-j563-grx4-pjpv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j563-grx4-pjpv
11
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
12
reference_url https://access.redhat.com/errata/RHSA-2023:1177
reference_id RHSA-2023:1177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1177
13
reference_url https://access.redhat.com/errata/RHSA-2023:1286
reference_id RHSA-2023:1286
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1286
14
reference_url https://access.redhat.com/errata/RHSA-2023:2041
reference_id RHSA-2023:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2041
15
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
16
reference_url https://access.redhat.com/errata/RHSA-2023:3625
reference_id RHSA-2023:3625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3625
17
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
18
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fcg2-x3s5-wudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
aliases CVE-2022-41966, GHSA-j563-grx4-pjpv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9442-1vwr-5fbt
1
url VCID-exrn-u19r-wfd8
vulnerability_id VCID-exrn-u19r-wfd8
summary
Duplicate Advisory: Denial of Service due to parser crash
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of [GHSA-f8cc-g7j8-xxpm](https://github.com/advisories/GHSA-f8cc-g7j8-xxpm). This link is maintained to preserve external references.

## Original Description
Those using XStream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
references
0
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367
1
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
2
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/304
3
reference_url https://github.com/x-stream/xstream/issues/314
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/314
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40151
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40151
5
reference_url https://github.com/advisories/GHSA-3mq5-fq9h-gj7j
reference_id GHSA-3mq5-fq9h-gj7j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mq5-fq9h-gj7j
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fcg2-x3s5-wudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
aliases GHSA-3mq5-fq9h-gj7j, GMS-2022-9109
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-exrn-u19r-wfd8
2
url VCID-fcg2-x3s5-wudk
vulnerability_id VCID-fcg2-x3s5-wudk
summary
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
### Impact
The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver.

### Patches
XStream 1.4.21 detects the manipulation in the binary input stream causing the stack overflow and raises an InputManipulationException instead.

### Workarounds
The only solution is to catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2024-47072](https://x-stream.github.io/CVE-2024-47072.html).

### Credits
Alexis Challande of Trail Of Bits found and reported the issue to XStream and provided the required information to reproduce it.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47072.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47072.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47072
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49494
published_at 2026-04-18T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49496
published_at 2026-04-16T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.4945
published_at 2026-04-13T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49448
published_at 2026-04-12T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49429
published_at 2026-04-02T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49409
published_at 2026-04-07T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49464
published_at 2026-04-08T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49459
published_at 2026-04-09T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49455
published_at 2026-04-04T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49476
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47072
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266
6
reference_url https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a
7
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
8
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47072
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47072
10
reference_url https://x-stream.github.io/CVE-2024-47072.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://x-stream.github.io/CVE-2024-47072.html
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087274
reference_id 1087274
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087274
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2324606
reference_id 2324606
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2324606
13
reference_url https://github.com/advisories/GHSA-hfq9-hggm-c56q
reference_id GHSA-hfq9-hggm-c56q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfq9-hggm-c56q
14
reference_url https://access.redhat.com/errata/RHSA-2024:10214
reference_id RHSA-2024:10214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10214
15
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
16
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
17
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
18
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
19
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
20
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.21
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.21
aliases CVE-2024-47072, GHSA-hfq9-hggm-c56q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcg2-x3s5-wudk
3
url VCID-hqzr-vc5w-9ff5
vulnerability_id VCID-hqzr-vc5w-9ff5
summary
Denial of Service due to parser crash
Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40152
reference_id
reference_type
scores
0
value 0.00803
scoring_system epss
scoring_elements 0.7415
published_at 2026-04-18T12:55:00Z
1
value 0.00803
scoring_system epss
scoring_elements 0.7406
published_at 2026-04-02T12:55:00Z
2
value 0.00803
scoring_system epss
scoring_elements 0.74086
published_at 2026-04-04T12:55:00Z
3
value 0.00803
scoring_system epss
scoring_elements 0.74057
published_at 2026-04-07T12:55:00Z
4
value 0.00803
scoring_system epss
scoring_elements 0.7409
published_at 2026-04-08T12:55:00Z
5
value 0.00803
scoring_system epss
scoring_elements 0.74105
published_at 2026-04-09T12:55:00Z
6
value 0.00803
scoring_system epss
scoring_elements 0.74126
published_at 2026-04-11T12:55:00Z
7
value 0.00803
scoring_system epss
scoring_elements 0.74109
published_at 2026-04-12T12:55:00Z
8
value 0.00803
scoring_system epss
scoring_elements 0.74102
published_at 2026-04-13T12:55:00Z
9
value 0.00803
scoring_system epss
scoring_elements 0.74141
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40152
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/FasterXML/woodstox
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox
6
reference_url https://github.com/FasterXML/woodstox/issues/157
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/157
7
reference_url https://github.com/FasterXML/woodstox/issues/160
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/160
8
reference_url https://github.com/FasterXML/woodstox/pull/159
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/pull/159
9
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/
url https://github.com/x-stream/xstream/issues/304
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40152
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40152
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089
reference_id 1032089
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134291
reference_id 2134291
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134291
13
reference_url https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
reference_id GHSA-3f7h-mf4q-vrm4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
14
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
15
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
16
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
17
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
18
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
19
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
20
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
21
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
22
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
23
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
24
reference_url https://access.redhat.com/errata/RHSA-2025:4437
reference_id RHSA-2025:4437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4437
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fcg2-x3s5-wudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
aliases CVE-2022-40152, GHSA-3f7h-mf4q-vrm4
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqzr-vc5w-9ff5
4
url VCID-mfub-hwcq-pqbt
vulnerability_id VCID-mfub-hwcq-pqbt
summary
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
### Impact
The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream.

### Patches
XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead.

### Workarounds
The only solution is to catch the StackOverflowError in the client code calling XStream.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2022-40151](https://x-stream.github.io/CVE-2022-40151.html).

### Credits
The vulnerability was discovered and reported by Henry Lin of the Google OSS-Fuzz team.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)
* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40151.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40151.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40151
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49237
published_at 2026-04-18T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.49239
published_at 2026-04-16T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.49192
published_at 2026-04-13T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.49188
published_at 2026-04-12T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.49215
published_at 2026-04-11T12:55:00Z
5
value 0.00258
scoring_system epss
scoring_elements 0.49197
published_at 2026-04-09T12:55:00Z
6
value 0.00258
scoring_system epss
scoring_elements 0.492
published_at 2026-04-08T12:55:00Z
7
value 0.00258
scoring_system epss
scoring_elements 0.49146
published_at 2026-04-07T12:55:00Z
8
value 0.00258
scoring_system epss
scoring_elements 0.49194
published_at 2026-04-04T12:55:00Z
9
value 0.00258
scoring_system epss
scoring_elements 0.49166
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40151
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:18Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
6
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:18Z/
url https://github.com/x-stream/xstream/issues/304
7
reference_url https://github.com/x-stream/xstream/issues/314
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/314
8
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-f8cc-g7j8-xxpm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-f8cc-g7j8-xxpm
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40151
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40151
10
reference_url https://x-stream.github.io/CVE-2022-40151.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2022-40151.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134292
reference_id 2134292
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134292
12
reference_url https://github.com/advisories/GHSA-f8cc-g7j8-xxpm
reference_id GHSA-f8cc-g7j8-xxpm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f8cc-g7j8-xxpm
13
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
14
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
15
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fcg2-x3s5-wudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.20
aliases CVE-2022-40151, GHSA-f8cc-g7j8-xxpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfub-hwcq-pqbt
5
url VCID-yb4j-92y9-nfb5
vulnerability_id VCID-yb4j-92y9-nfb5
summary
Denial of Service by injecting highly recursive collections or maps in XStream
The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service solely by manipulating the processed input stream.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43859.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43859.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43859
reference_id
reference_type
scores
0
value 0.01863
scoring_system epss
scoring_elements 0.83093
published_at 2026-04-18T12:55:00Z
1
value 0.01863
scoring_system epss
scoring_elements 0.83092
published_at 2026-04-16T12:55:00Z
2
value 0.01863
scoring_system epss
scoring_elements 0.83054
published_at 2026-04-13T12:55:00Z
3
value 0.01863
scoring_system epss
scoring_elements 0.83058
published_at 2026-04-12T12:55:00Z
4
value 0.01863
scoring_system epss
scoring_elements 0.83064
published_at 2026-04-11T12:55:00Z
5
value 0.01863
scoring_system epss
scoring_elements 0.83049
published_at 2026-04-09T12:55:00Z
6
value 0.01863
scoring_system epss
scoring_elements 0.83042
published_at 2026-04-08T12:55:00Z
7
value 0.01863
scoring_system epss
scoring_elements 0.83017
published_at 2026-04-07T12:55:00Z
8
value 0.01863
scoring_system epss
scoring_elements 0.83019
published_at 2026-04-04T12:55:00Z
9
value 0.01863
scoring_system epss
scoring_elements 0.83006
published_at 2026-04-02T12:55:00Z
10
value 0.01863
scoring_system epss
scoring_elements 0.8299
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43859
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43859
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43859
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
6
reference_url https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X
12
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url http://www.openwall.com/lists/oss-security/2022/02/09/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url http://www.openwall.com/lists/oss-security/2022/02/09/1
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2049783
reference_id 2049783
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2049783
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43859
reference_id CVE-2021-43859
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43859
17
reference_url https://x-stream.github.io/CVE-2021-43859.html
reference_id CVE-2021-43859.HTML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url https://x-stream.github.io/CVE-2021-43859.html
18
reference_url https://github.com/advisories/GHSA-rmr5-cpv2-vgjf
reference_id GHSA-rmr5-cpv2-vgjf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rmr5-cpv2-vgjf
19
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
reference_id GHSA-rmr5-cpv2-vgjf
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
20
reference_url https://access.redhat.com/errata/RHSA-2022:1420
reference_id RHSA-2022:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1420
21
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
22
reference_url https://access.redhat.com/errata/RHSA-2022:5606
reference_id RHSA-2022:5606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5606
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/
reference_id VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/
reference_id XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.19
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.19
aliases CVE-2021-43859, GHSA-rmr5-cpv2-vgjf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yb4j-92y9-nfb5
Fixing_vulnerabilities
0
url VCID-12bx-r37t-3ygm
vulnerability_id VCID-12bx-r37t-3ygm
summary
Server-Side Request Forgery (SSRF)
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime to Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39150.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39150.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39150
reference_id
reference_type
scores
0
value 0.02418
scoring_system epss
scoring_elements 0.85143
published_at 2026-04-18T12:55:00Z
1
value 0.02418
scoring_system epss
scoring_elements 0.8514
published_at 2026-04-16T12:55:00Z
2
value 0.02418
scoring_system epss
scoring_elements 0.85119
published_at 2026-04-13T12:55:00Z
3
value 0.02418
scoring_system epss
scoring_elements 0.85046
published_at 2026-04-01T12:55:00Z
4
value 0.02418
scoring_system epss
scoring_elements 0.85102
published_at 2026-04-08T12:55:00Z
5
value 0.02418
scoring_system epss
scoring_elements 0.8508
published_at 2026-04-07T12:55:00Z
6
value 0.02418
scoring_system epss
scoring_elements 0.85076
published_at 2026-04-04T12:55:00Z
7
value 0.02418
scoring_system epss
scoring_elements 0.85059
published_at 2026-04-02T12:55:00Z
8
value 0.02418
scoring_system epss
scoring_elements 0.85122
published_at 2026-04-12T12:55:00Z
9
value 0.02418
scoring_system epss
scoring_elements 0.85125
published_at 2026-04-11T12:55:00Z
10
value 0.02418
scoring_system epss
scoring_elements 0.85109
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39150
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39150.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39150.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997786
reference_id 1997786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997786
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39150
reference_id CVE-2021-39150
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39150
36
reference_url https://github.com/advisories/GHSA-cxfm-5m4g-x7xp
reference_id GHSA-cxfm-5m4g-x7xp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cxfm-5m4g-x7xp
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39150, GHSA-cxfm-5m4g-x7xp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12bx-r37t-3ygm
1
url VCID-7ma6-2uv1-sbef
vulnerability_id VCID-7ma6-2uv1-sbef
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host solely by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39147.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39147.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39147
reference_id
reference_type
scores
0
value 0.00674
scoring_system epss
scoring_elements 0.71459
published_at 2026-04-18T12:55:00Z
1
value 0.00674
scoring_system epss
scoring_elements 0.71453
published_at 2026-04-16T12:55:00Z
2
value 0.00674
scoring_system epss
scoring_elements 0.71407
published_at 2026-04-13T12:55:00Z
3
value 0.00674
scoring_system epss
scoring_elements 0.71425
published_at 2026-04-12T12:55:00Z
4
value 0.00674
scoring_system epss
scoring_elements 0.7144
published_at 2026-04-11T12:55:00Z
5
value 0.00674
scoring_system epss
scoring_elements 0.71418
published_at 2026-04-09T12:55:00Z
6
value 0.00674
scoring_system epss
scoring_elements 0.71406
published_at 2026-04-08T12:55:00Z
7
value 0.00674
scoring_system epss
scoring_elements 0.7139
published_at 2026-04-04T12:55:00Z
8
value 0.00674
scoring_system epss
scoring_elements 0.71373
published_at 2026-04-02T12:55:00Z
9
value 0.00674
scoring_system epss
scoring_elements 0.71365
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39147
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39147.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39147.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997779
reference_id 1997779
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997779
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39147
reference_id CVE-2021-39147
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39147
36
reference_url https://github.com/advisories/GHSA-h7v4-7xg3-hxcc
reference_id GHSA-h7v4-7xg3-hxcc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7v4-7xg3-hxcc
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39147, GHSA-h7v4-7xg3-hxcc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ma6-2uv1-sbef
2
url VCID-8gha-n6ke-nucu
vulnerability_id VCID-8gha-n6ke-nucu
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39148.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39148.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39148
reference_id
reference_type
scores
0
value 0.00674
scoring_system epss
scoring_elements 0.71459
published_at 2026-04-18T12:55:00Z
1
value 0.00674
scoring_system epss
scoring_elements 0.71453
published_at 2026-04-16T12:55:00Z
2
value 0.00674
scoring_system epss
scoring_elements 0.71407
published_at 2026-04-13T12:55:00Z
3
value 0.00674
scoring_system epss
scoring_elements 0.71425
published_at 2026-04-12T12:55:00Z
4
value 0.00674
scoring_system epss
scoring_elements 0.7144
published_at 2026-04-11T12:55:00Z
5
value 0.00674
scoring_system epss
scoring_elements 0.71418
published_at 2026-04-09T12:55:00Z
6
value 0.00674
scoring_system epss
scoring_elements 0.71406
published_at 2026-04-08T12:55:00Z
7
value 0.00674
scoring_system epss
scoring_elements 0.7139
published_at 2026-04-04T12:55:00Z
8
value 0.00674
scoring_system epss
scoring_elements 0.71373
published_at 2026-04-02T12:55:00Z
9
value 0.00674
scoring_system epss
scoring_elements 0.71365
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39148
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39148.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39148.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997781
reference_id 1997781
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997781
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39148
reference_id CVE-2021-39148
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39148
36
reference_url https://github.com/advisories/GHSA-qrx8-8545-4wg2
reference_id GHSA-qrx8-8545-4wg2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrx8-8545-4wg2
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39148, GHSA-qrx8-8545-4wg2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gha-n6ke-nucu
3
url VCID-c5tu-31kw-mfcf
vulnerability_id VCID-c5tu-31kw-mfcf
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. if using the version out of the box with Java runtime to 8 or with JavaFX installed. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39153.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39153.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39153
reference_id
reference_type
scores
0
value 0.00674
scoring_system epss
scoring_elements 0.71459
published_at 2026-04-18T12:55:00Z
1
value 0.00674
scoring_system epss
scoring_elements 0.71453
published_at 2026-04-16T12:55:00Z
2
value 0.00674
scoring_system epss
scoring_elements 0.71407
published_at 2026-04-13T12:55:00Z
3
value 0.00674
scoring_system epss
scoring_elements 0.71425
published_at 2026-04-12T12:55:00Z
4
value 0.00674
scoring_system epss
scoring_elements 0.7144
published_at 2026-04-11T12:55:00Z
5
value 0.00674
scoring_system epss
scoring_elements 0.71418
published_at 2026-04-09T12:55:00Z
6
value 0.00674
scoring_system epss
scoring_elements 0.71406
published_at 2026-04-08T12:55:00Z
7
value 0.00674
scoring_system epss
scoring_elements 0.7139
published_at 2026-04-04T12:55:00Z
8
value 0.00674
scoring_system epss
scoring_elements 0.71373
published_at 2026-04-02T12:55:00Z
9
value 0.00674
scoring_system epss
scoring_elements 0.71365
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39153
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39153.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39153.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997795
reference_id 1997795
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997795
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39153
reference_id CVE-2021-39153
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39153
36
reference_url https://github.com/advisories/GHSA-2q8x-2p7f-574v
reference_id GHSA-2q8x-2p7f-574v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2q8x-2p7f-574v
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39153, GHSA-2q8x-2p7f-574v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5tu-31kw-mfcf
4
url VCID-dxpe-qmxq-ykax
vulnerability_id VCID-dxpe-qmxq-ykax
summary
Unrestricted Upload of File with Dangerous Type
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39145.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39145.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39145
reference_id
reference_type
scores
0
value 0.00618
scoring_system epss
scoring_elements 0.70006
published_at 2026-04-18T12:55:00Z
1
value 0.00618
scoring_system epss
scoring_elements 0.69996
published_at 2026-04-16T12:55:00Z
2
value 0.00618
scoring_system epss
scoring_elements 0.69953
published_at 2026-04-13T12:55:00Z
3
value 0.00618
scoring_system epss
scoring_elements 0.69889
published_at 2026-04-01T12:55:00Z
4
value 0.00618
scoring_system epss
scoring_elements 0.69942
published_at 2026-04-08T12:55:00Z
5
value 0.00618
scoring_system epss
scoring_elements 0.69894
published_at 2026-04-07T12:55:00Z
6
value 0.00618
scoring_system epss
scoring_elements 0.69917
published_at 2026-04-04T12:55:00Z
7
value 0.00618
scoring_system epss
scoring_elements 0.69902
published_at 2026-04-02T12:55:00Z
8
value 0.00618
scoring_system epss
scoring_elements 0.69966
published_at 2026-04-12T12:55:00Z
9
value 0.00618
scoring_system epss
scoring_elements 0.69982
published_at 2026-04-11T12:55:00Z
10
value 0.00618
scoring_system epss
scoring_elements 0.69958
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39145
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997775
reference_id 1997775
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997775
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39145
reference_id CVE-2021-39145
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39145
35
reference_url https://x-stream.github.io/CVE-2021-39145.html
reference_id CVE-2021-39145.HTML
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39145.html
36
reference_url https://github.com/advisories/GHSA-8jrj-525p-826v
reference_id GHSA-8jrj-525p-826v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jrj-525p-826v
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39145, GHSA-8jrj-525p-826v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxpe-qmxq-ykax
5
url VCID-eeye-wfxf-x7cc
vulnerability_id VCID-eeye-wfxf-x7cc
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39146.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39146.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39146
reference_id
reference_type
scores
0
value 0.47156
scoring_system epss
scoring_elements 0.97692
published_at 2026-04-18T12:55:00Z
1
value 0.47156
scoring_system epss
scoring_elements 0.9769
published_at 2026-04-16T12:55:00Z
2
value 0.47156
scoring_system epss
scoring_elements 0.97683
published_at 2026-04-13T12:55:00Z
3
value 0.47156
scoring_system epss
scoring_elements 0.97662
published_at 2026-04-01T12:55:00Z
4
value 0.47156
scoring_system epss
scoring_elements 0.97674
published_at 2026-04-08T12:55:00Z
5
value 0.47156
scoring_system epss
scoring_elements 0.9767
published_at 2026-04-07T12:55:00Z
6
value 0.47156
scoring_system epss
scoring_elements 0.97669
published_at 2026-04-04T12:55:00Z
7
value 0.47156
scoring_system epss
scoring_elements 0.97668
published_at 2026-04-02T12:55:00Z
8
value 0.47156
scoring_system epss
scoring_elements 0.97682
published_at 2026-04-12T12:55:00Z
9
value 0.47156
scoring_system epss
scoring_elements 0.9768
published_at 2026-04-11T12:55:00Z
10
value 0.47156
scoring_system epss
scoring_elements 0.97677
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39146
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997777
reference_id 1997777
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997777
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39146
reference_id CVE-2021-39146
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39146
35
reference_url https://x-stream.github.io/CVE-2021-39146.html
reference_id CVE-2021-39146.HTML
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39146.html
36
reference_url https://github.com/advisories/GHSA-p8pq-r894-fm8f
reference_id GHSA-p8pq-r894-fm8f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p8pq-r894-fm8f
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39146, GHSA-p8pq-r894-fm8f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eeye-wfxf-x7cc
6
url VCID-f779-wcjk-kfc1
vulnerability_id VCID-f779-wcjk-kfc1
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39154.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39154.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39154
reference_id
reference_type
scores
0
value 0.00674
scoring_system epss
scoring_elements 0.71459
published_at 2026-04-18T12:55:00Z
1
value 0.00674
scoring_system epss
scoring_elements 0.71453
published_at 2026-04-16T12:55:00Z
2
value 0.00674
scoring_system epss
scoring_elements 0.71407
published_at 2026-04-13T12:55:00Z
3
value 0.00674
scoring_system epss
scoring_elements 0.71425
published_at 2026-04-12T12:55:00Z
4
value 0.00674
scoring_system epss
scoring_elements 0.7144
published_at 2026-04-11T12:55:00Z
5
value 0.00674
scoring_system epss
scoring_elements 0.71418
published_at 2026-04-09T12:55:00Z
6
value 0.00674
scoring_system epss
scoring_elements 0.71406
published_at 2026-04-08T12:55:00Z
7
value 0.00674
scoring_system epss
scoring_elements 0.7139
published_at 2026-04-04T12:55:00Z
8
value 0.00674
scoring_system epss
scoring_elements 0.71373
published_at 2026-04-02T12:55:00Z
9
value 0.00674
scoring_system epss
scoring_elements 0.71365
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39154
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39154.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39154.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997801
reference_id 1997801
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997801
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39154
reference_id CVE-2021-39154
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39154
36
reference_url https://github.com/advisories/GHSA-6w62-hx7r-mw68
reference_id GHSA-6w62-hx7r-mw68
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6w62-hx7r-mw68
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39154, GHSA-6w62-hx7r-mw68
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f779-wcjk-kfc1
7
url VCID-na6t-mkxt-3qbw
vulnerability_id VCID-na6t-mkxt-3qbw
summary
XStream is vulnerable to a Remote Command Execution attack
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url http://packetstormsecurity.com/files/169859/VMware-NSX-Manager-XStream-Unauthenticated-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url http://packetstormsecurity.com/files/169859/VMware-NSX-Manager-XStream-Unauthenticated-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39144.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39144.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39144
reference_id
reference_type
scores
0
value 0.94255
scoring_system epss
scoring_elements 0.99933
published_at 2026-04-13T12:55:00Z
1
value 0.94255
scoring_system epss
scoring_elements 0.99934
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39144
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
17
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
18
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39144
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39144
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997772
reference_id 1997772
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997772
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id 22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39144
reference_id CVE-2021-39144
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39144
36
reference_url https://x-stream.github.io/CVE-2021-39144.html
reference_id CVE-2021-39144.HTML
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://x-stream.github.io/CVE-2021-39144.html
37
reference_url https://github.com/advisories/GHSA-j9h8-phrw-h4fh
reference_id GHSA-j9h8-phrw-h4fh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j9h8-phrw-h4fh
38
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
reference_id GHSA-j9h8-phrw-h4fh
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H
1
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T19:37:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
41
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
42
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
43
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
44
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
45
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
46
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
47
reference_url https://access.redhat.com/errata/RHSA-2023:1303
reference_id RHSA-2023:1303
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1303
48
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39144, GHSA-j9h8-phrw-h4fh
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-na6t-mkxt-3qbw
8
url VCID-npjx-vkrd-9bae
vulnerability_id VCID-npjx-vkrd-9bae
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39141.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39141.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39141
reference_id
reference_type
scores
0
value 0.81843
scoring_system epss
scoring_elements 0.99201
published_at 2026-04-18T12:55:00Z
1
value 0.81843
scoring_system epss
scoring_elements 0.99199
published_at 2026-04-16T12:55:00Z
2
value 0.81843
scoring_system epss
scoring_elements 0.99198
published_at 2026-04-12T12:55:00Z
3
value 0.81843
scoring_system epss
scoring_elements 0.99197
published_at 2026-04-13T12:55:00Z
4
value 0.81843
scoring_system epss
scoring_elements 0.99196
published_at 2026-04-07T12:55:00Z
5
value 0.81843
scoring_system epss
scoring_elements 0.99192
published_at 2026-04-04T12:55:00Z
6
value 0.81843
scoring_system epss
scoring_elements 0.9919
published_at 2026-04-02T12:55:00Z
7
value 0.81843
scoring_system epss
scoring_elements 0.99188
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39141
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997769
reference_id 1997769
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997769
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39141
reference_id CVE-2021-39141
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39141
35
reference_url https://x-stream.github.io/CVE-2021-39141.html
reference_id CVE-2021-39141.HTML
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39141.html
36
reference_url https://github.com/advisories/GHSA-g5w6-mrj7-75h2
reference_id GHSA-g5w6-mrj7-75h2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g5w6-mrj7-75h2
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39141, GHSA-g5w6-mrj7-75h2
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-npjx-vkrd-9bae
9
url VCID-rfc1-r1gr-wffp
vulnerability_id VCID-rfc1-r1gr-wffp
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39151.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39151.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39151
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72236
published_at 2026-04-18T12:55:00Z
1
value 0.00708
scoring_system epss
scoring_elements 0.72226
published_at 2026-04-16T12:55:00Z
2
value 0.00708
scoring_system epss
scoring_elements 0.72185
published_at 2026-04-13T12:55:00Z
3
value 0.00708
scoring_system epss
scoring_elements 0.7214
published_at 2026-04-01T12:55:00Z
4
value 0.00708
scoring_system epss
scoring_elements 0.7218
published_at 2026-04-08T12:55:00Z
5
value 0.00708
scoring_system epss
scoring_elements 0.72143
published_at 2026-04-07T12:55:00Z
6
value 0.00708
scoring_system epss
scoring_elements 0.72166
published_at 2026-04-04T12:55:00Z
7
value 0.00708
scoring_system epss
scoring_elements 0.72145
published_at 2026-04-02T12:55:00Z
8
value 0.00708
scoring_system epss
scoring_elements 0.72199
published_at 2026-04-12T12:55:00Z
9
value 0.00708
scoring_system epss
scoring_elements 0.72214
published_at 2026-04-11T12:55:00Z
10
value 0.00708
scoring_system epss
scoring_elements 0.72192
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39151
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39151.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39151.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997791
reference_id 1997791
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997791
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39151
reference_id CVE-2021-39151
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39151
36
reference_url https://github.com/advisories/GHSA-hph2-m3g5-xxv4
reference_id GHSA-hph2-m3g5-xxv4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hph2-m3g5-xxv4
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39151, GHSA-hph2-m3g5-xxv4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfc1-r1gr-wffp
10
url VCID-v7za-zjfx-mqek
vulnerability_id VCID-v7za-zjfx-mqek
summary
Server-Side Request Forgery (SSRF)
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39152.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39152.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39152
reference_id
reference_type
scores
0
value 0.61765
scoring_system epss
scoring_elements 0.98342
published_at 2026-04-18T12:55:00Z
1
value 0.61765
scoring_system epss
scoring_elements 0.98337
published_at 2026-04-13T12:55:00Z
2
value 0.61765
scoring_system epss
scoring_elements 0.98336
published_at 2026-04-11T12:55:00Z
3
value 0.61765
scoring_system epss
scoring_elements 0.98333
published_at 2026-04-09T12:55:00Z
4
value 0.61765
scoring_system epss
scoring_elements 0.98328
published_at 2026-04-07T12:55:00Z
5
value 0.61765
scoring_system epss
scoring_elements 0.98325
published_at 2026-04-04T12:55:00Z
6
value 0.61765
scoring_system epss
scoring_elements 0.98323
published_at 2026-04-02T12:55:00Z
7
value 0.61765
scoring_system epss
scoring_elements 0.98321
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39152
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39152.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39152.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997793
reference_id 1997793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997793
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39152
reference_id CVE-2021-39152
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39152
36
reference_url https://github.com/advisories/GHSA-xw4p-crpj-vjx2
reference_id GHSA-xw4p-crpj-vjx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xw4p-crpj-vjx2
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39152, GHSA-xw4p-crpj-vjx2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7za-zjfx-mqek
11
url VCID-wehr-d623-akaj
vulnerability_id VCID-wehr-d623-akaj
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to allocate % CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39140.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39140.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39140
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.3397
published_at 2026-04-18T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33948
published_at 2026-04-13T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33972
published_at 2026-04-12T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.34053
published_at 2026-04-02T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.34083
published_at 2026-04-04T12:55:00Z
5
value 0.00138
scoring_system epss
scoring_elements 0.33942
published_at 2026-04-07T12:55:00Z
6
value 0.00138
scoring_system epss
scoring_elements 0.33984
published_at 2026-04-16T12:55:00Z
7
value 0.00138
scoring_system epss
scoring_elements 0.34015
published_at 2026-04-11T12:55:00Z
8
value 0.00138
scoring_system epss
scoring_elements 0.3371
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39140
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39140.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39140.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997765
reference_id 1997765
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997765
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39140
reference_id CVE-2021-39140
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39140
36
reference_url https://github.com/advisories/GHSA-6wf9-jmg9-vxcc
reference_id GHSA-6wf9-jmg9-vxcc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6wf9-jmg9-vxcc
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39140, GHSA-6wf9-jmg9-vxcc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wehr-d623-akaj
12
url VCID-xsr8-3cke-33ck
vulnerability_id VCID-xsr8-3cke-33ck
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39149.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39149.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39149
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72236
published_at 2026-04-18T12:55:00Z
1
value 0.00708
scoring_system epss
scoring_elements 0.72226
published_at 2026-04-16T12:55:00Z
2
value 0.00708
scoring_system epss
scoring_elements 0.72185
published_at 2026-04-13T12:55:00Z
3
value 0.00708
scoring_system epss
scoring_elements 0.7214
published_at 2026-04-01T12:55:00Z
4
value 0.00708
scoring_system epss
scoring_elements 0.7218
published_at 2026-04-08T12:55:00Z
5
value 0.00708
scoring_system epss
scoring_elements 0.72143
published_at 2026-04-07T12:55:00Z
6
value 0.00708
scoring_system epss
scoring_elements 0.72166
published_at 2026-04-04T12:55:00Z
7
value 0.00708
scoring_system epss
scoring_elements 0.72145
published_at 2026-04-02T12:55:00Z
8
value 0.00708
scoring_system epss
scoring_elements 0.72199
published_at 2026-04-12T12:55:00Z
9
value 0.00708
scoring_system epss
scoring_elements 0.72214
published_at 2026-04-11T12:55:00Z
10
value 0.00708
scoring_system epss
scoring_elements 0.72192
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39149
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://x-stream.github.io/CVE-2021-39149.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39149.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997784
reference_id 1997784
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997784
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39149
reference_id CVE-2021-39149
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39149
36
reference_url https://github.com/advisories/GHSA-3ccq-5vw3-2p6x
reference_id GHSA-3ccq-5vw3-2p6x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3ccq-5vw3-2p6x
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39149, GHSA-3ccq-5vw3-2p6x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsr8-3cke-33ck
13
url VCID-yuwe-6pp1-bke2
vulnerability_id VCID-yuwe-6pp1-bke2
summary
Deserialization of Untrusted Data
XStream is a simple library to serialize objects to XML and back again. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39139.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39139.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39139
reference_id
reference_type
scores
0
value 0.00838
scoring_system epss
scoring_elements 0.74713
published_at 2026-04-18T12:55:00Z
1
value 0.00838
scoring_system epss
scoring_elements 0.74705
published_at 2026-04-16T12:55:00Z
2
value 0.00838
scoring_system epss
scoring_elements 0.74668
published_at 2026-04-13T12:55:00Z
3
value 0.00838
scoring_system epss
scoring_elements 0.74622
published_at 2026-04-01T12:55:00Z
4
value 0.00838
scoring_system epss
scoring_elements 0.74697
published_at 2026-04-11T12:55:00Z
5
value 0.00838
scoring_system epss
scoring_elements 0.74674
published_at 2026-04-09T12:55:00Z
6
value 0.00838
scoring_system epss
scoring_elements 0.74659
published_at 2026-04-08T12:55:00Z
7
value 0.00838
scoring_system epss
scoring_elements 0.74628
published_at 2026-04-07T12:55:00Z
8
value 0.00838
scoring_system epss
scoring_elements 0.74653
published_at 2026-04-04T12:55:00Z
9
value 0.00838
scoring_system epss
scoring_elements 0.74626
published_at 2026-04-02T12:55:00Z
10
value 0.00838
scoring_system epss
scoring_elements 0.74677
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39139
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
18
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
19
reference_url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
26
reference_url https://security.netapp.com/advisory/ntap-20210923-0003
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210923-0003
27
reference_url https://security.netapp.com/advisory/ntap-20210923-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210923-0003/
28
reference_url https://www.debian.org/security/2021/dsa-5004
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5004
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1997763
reference_id 1997763
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1997763
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
reference_id 998054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998054
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39139
reference_id CVE-2021-39139
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39139
35
reference_url https://x-stream.github.io/CVE-2021-39139.html
reference_id CVE-2021-39139.HTML
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2021-39139.html
36
reference_url https://github.com/advisories/GHSA-64xx-cq4q-mf44
reference_id GHSA-64xx-cq4q-mf44
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64xx-cq4q-mf44
37
reference_url https://access.redhat.com/errata/RHSA-2021:3956
reference_id RHSA-2021:3956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3956
38
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
39
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
40
reference_url https://access.redhat.com/errata/RHSA-2022:0296
reference_id RHSA-2022:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0296
41
reference_url https://access.redhat.com/errata/RHSA-2022:0297
reference_id RHSA-2022:0297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0297
42
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
43
reference_url https://usn.ubuntu.com/5946-1/
reference_id USN-5946-1
reference_type
scores
url https://usn.ubuntu.com/5946-1/
fixed_packages
0
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9442-1vwr-5fbt
1
vulnerability VCID-exrn-u19r-wfd8
2
vulnerability VCID-fcg2-x3s5-wudk
3
vulnerability VCID-hqzr-vc5w-9ff5
4
vulnerability VCID-mfub-hwcq-pqbt
5
vulnerability VCID-yb4j-92y9-nfb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18
aliases CVE-2021-39139, GHSA-64xx-cq4q-mf44
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuwe-6pp1-bke2
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.18