Search for packages
| purl | pkg:deb/debian/libxstream-java@1.4.18-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-12bx-r37t-3ygm | Server-Side Request Forgery (SSRF) XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime to Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39150
GHSA-cxfm-5m4g-x7xp |
| VCID-7ma6-2uv1-sbef | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39147
GHSA-h7v4-7xg3-hxcc |
| VCID-8gha-n6ke-nucu | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39148
GHSA-qrx8-8545-4wg2 |
| VCID-c5tu-31kw-mfcf | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. if using the version out of the box with Java runtime to 8 or with JavaFX installed. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39153
GHSA-2q8x-2p7f-574v |
| VCID-dxpe-qmxq-ykax | Unrestricted Upload of File with Dangerous Type XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with a allow list limited to the minimal required types are not impacted. |
CVE-2021-39145
GHSA-8jrj-525p-826v |
| VCID-eeye-wfxf-x7cc | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with a allow list limited to the minimal required types are not impacted. |
CVE-2021-39146
GHSA-p8pq-r894-fm8f |
| VCID-f779-wcjk-kfc1 | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39154
GHSA-6w62-hx7r-mw68 |
| VCID-na6t-mkxt-3qbw | XStream is vulnerable to a Remote Command Execution attack XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with a allow list limited to the minimal required types are not impacted. |
CVE-2021-39144
GHSA-j9h8-phrw-h4fh |
| VCID-npjx-vkrd-9bae | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39141
GHSA-g5w6-mrj7-75h2 |
| VCID-rfc1-r1gr-wffp | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39151
GHSA-hph2-m3g5-xxv4 |
| VCID-v7za-zjfx-mqek | Server-Side Request Forgery (SSRF) XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39152
GHSA-xw4p-crpj-vjx2 |
| VCID-wehr-d623-akaj | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to allocate % CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39140
GHSA-6wf9-jmg9-vxcc |
| VCID-xsr8-3cke-33ck | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39149
GHSA-3ccq-5vw3-2p6x |
| VCID-yuwe-6pp1-bke2 | Deserialization of Untrusted Data XStream is a simple library to serialize objects to XML and back again.However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. Users who followed the recommendation to setup XStream's security framework with an allow list limited to the minimal required types are not impacted. |
CVE-2021-39139
GHSA-64xx-cq4q-mf44 |