| purl | pkg:rpm/redhat/xstream@1.3.1-16?arch=el7_9 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-12bx-r37t-3ygm (Aliases: CVE-2021-39150, GHSA-cxfm-5m4g-x7xp) | Server-Side Request Forgery (SSRF): XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime to Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-7ma6-2uv1-sbef (Aliases: CVE-2021-39147, GHSA-h7v4-7xg3-hxcc) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-8gha-n6ke-nucu (Aliases: CVE-2021-39148, GHSA-qrx8-8545-4wg2) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-c5tu-31kw-mfcf (Aliases: CVE-2021-39153, GHSA-2q8x-2p7f-574v) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. if using the version out of the box with Java runtime to 8 or with JavaFX installed. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-dxpe-qmxq-ykax (Aliases: CVE-2021-39145, GHSA-8jrj-525p-826v) | Unrestricted Upload of File with Dangerous Type: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-eeye-wfxf-x7cc (Aliases: CVE-2021-39146, GHSA-p8pq-r894-fm8f) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-f779-wcjk-kfc1 (Aliases: CVE-2021-39154, GHSA-6w62-hx7r-mw68) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-na6t-mkxt-3qbw (Aliases: CVE-2021-39144, GHSA-j9h8-phrw-h4fh) | XStream is vulnerable to a Remote Command Execution attack: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-npjx-vkrd-9bae (Aliases: CVE-2021-39141, GHSA-g5w6-mrj7-75h2) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-rfc1-r1gr-wffp (Aliases: CVE-2021-39151, GHSA-hph2-m3g5-xxv4) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-v7za-zjfx-mqek (Aliases: CVE-2021-39152, GHSA-xw4p-crpj-vjx2) | Server-Side Request Forgery (SSRF): XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-wehr-d623-akaj (Aliases: CVE-2021-39140, GHSA-6wf9-jmg9-vxcc) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to allocate % CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-xsr8-3cke-33ck (Aliases: CVE-2021-39149, GHSA-3ccq-5vw3-2p6x) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |
| VCID-yuwe-6pp1-bke2 (Aliases: CVE-2021-39139, GHSA-64xx-cq4q-mf44) | Deserialization of Untrusted Data: XStream is a simple library to serialize objects to XML and back again. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. Users who followed the recommendation to set up XStream's security framework with an allow list limited to the minimal required types are not impacted. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |