Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/100756?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/100756?format=api", "purl": "pkg:rpm/redhat/xstream@1.3.1-13?arch=el7_9", "type": "rpm", "namespace": "redhat", "name": "xstream", "version": "1.3.1-13", "qualifiers": { "arch": "el7_9" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42322?format=api", "vulnerability_id": "VCID-6mz4-fu3s-vycx", "summary": "XStream is vulnerable to an Arbitrary Code Execution attack\n### Impact\nThe vulnerability may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21350](https://x-stream.github.io/CVE-2021-21350.html).\n\n### Credits\nThe vulnerability was discovered and reported by threedr3am.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21350.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21350.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.9259", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92565", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92559", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92555", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92545", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92533", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92524", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92527", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92526", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92525", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92521", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92522", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92505", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.925", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92485", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92471", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08761", "scoring_system": "epss", "scoring_elements": "0.92511", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21350" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/x-stream/xstream", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream" }, { "reference_url": "https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq" }, { "reference_url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210430-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210430-0002/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://x-stream.github.io/CVE-2021-21350.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/CVE-2021-21350.html" }, { "reference_url": "https://x-stream.github.io/security.html#workaround", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/security.html#workaround" }, { "reference_url": "http://x-stream.github.io/changes.html#1.4.16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://x-stream.github.io/changes.html#1.4.16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637", "reference_id": "1942637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843", "reference_id": "985843", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843" }, { "reference_url": "https://github.com/advisories/GHSA-43gc-mjxg-gvrq", "reference_id": "GHSA-43gc-mjxg-gvrq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43gc-mjxg-gvrq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1354", "reference_id": "RHSA-2021:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2139", "reference_id": "RHSA-2021:2139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2475", "reference_id": "RHSA-2021:2475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2476", "reference_id": "RHSA-2021:2476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4918", "reference_id": "RHSA-2021:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://usn.ubuntu.com/4943-1/", "reference_id": "USN-4943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4943-1/" }, { "reference_url": "https://usn.ubuntu.com/6978-1/", "reference_id": "USN-6978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6978-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-21350", "GHSA-43gc-mjxg-gvrq" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mz4-fu3s-vycx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42346?format=api", "vulnerability_id": "VCID-nrf7-heu6-vfdc", "summary": "XStream is vulnerable to an Arbitrary Code Execution attack\n### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21344](https://x-stream.github.io/CVE-2021-21344.html).\n\n### Credits\n钟潦贵 (Liaogui Zhong) found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21344.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21344.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96764", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96755", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.9675", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96746", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96742", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96739", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.9673", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96725", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96727", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96724", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.9672", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96714", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96682", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96699", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96694", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96693", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96711", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.30602", "scoring_system": "epss", "scoring_elements": "0.96708", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21344" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/x-stream/xstream", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream" }, { "reference_url": "https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3" }, { "reference_url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210430-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210430-0002/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://x-stream.github.io/CVE-2021-21344.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/CVE-2021-21344.html" }, { "reference_url": "https://x-stream.github.io/security.html#workaround", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/security.html#workaround" }, { "reference_url": "http://x-stream.github.io/changes.html#1.4.16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://x-stream.github.io/changes.html#1.4.16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554", "reference_id": "1942554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843", "reference_id": "985843", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843" }, { "reference_url": "https://github.com/advisories/GHSA-59jw-jqf4-3wq3", "reference_id": "GHSA-59jw-jqf4-3wq3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-59jw-jqf4-3wq3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1354", "reference_id": "RHSA-2021:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2139", "reference_id": "RHSA-2021:2139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2475", "reference_id": "RHSA-2021:2475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2476", "reference_id": "RHSA-2021:2476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4918", "reference_id": "RHSA-2021:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://usn.ubuntu.com/4943-1/", "reference_id": "USN-4943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4943-1/" }, { "reference_url": "https://usn.ubuntu.com/6978-1/", "reference_id": "USN-6978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6978-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-21344", "GHSA-59jw-jqf4-3wq3" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrf7-heu6-vfdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42043?format=api", "vulnerability_id": "VCID-qh44-75jb-wbhf", "summary": "XStream is vulnerable to a Remote Command Execution attack\n### Impact\nThe vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21345](https://x-stream.github.io/CVE-2021-21345.html).\n\n### Credits\n钟潦贵 (Liaogui Zhong) found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21345.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21345.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99494", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99493", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99492", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99479", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99491", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.9949", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99488", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99484", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99483", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88091", "scoring_system": "epss", "scoring_elements": "0.99481", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/x-stream/xstream", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream" }, { "reference_url": "https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4" }, { "reference_url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210430-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210430-0002/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://x-stream.github.io/CVE-2021-21345.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/CVE-2021-21345.html" }, { "reference_url": "https://x-stream.github.io/security.html#workaround", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/security.html#workaround" }, { "reference_url": "http://x-stream.github.io/changes.html#1.4.16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://x-stream.github.io/changes.html#1.4.16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558", "reference_id": "1942558", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843", "reference_id": "985843", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843" }, { "reference_url": "https://github.com/advisories/GHSA-hwpc-8xqv-jvj4", "reference_id": "GHSA-hwpc-8xqv-jvj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hwpc-8xqv-jvj4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1354", "reference_id": "RHSA-2021:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2139", "reference_id": "RHSA-2021:2139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2475", "reference_id": "RHSA-2021:2475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2476", "reference_id": "RHSA-2021:2476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4918", "reference_id": "RHSA-2021:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://usn.ubuntu.com/4943-1/", "reference_id": "USN-4943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4943-1/" }, { "reference_url": "https://usn.ubuntu.com/6978-1/", "reference_id": "USN-6978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6978-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-21345", "GHSA-hwpc-8xqv-jvj4" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh44-75jb-wbhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41968?format=api", "vulnerability_id": "VCID-vpxs-6wcf-ckh9", "summary": "XStream is vulnerable to an Arbitrary Code Execution attack\n### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21346](https://x-stream.github.io/CVE-2021-21346.html).\n\n### Credits\nwh1t3p1g G5-RD6@IIE found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21346.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21346.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.88014", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87983", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.8785", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.8784", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87971", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87974", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87957", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87934", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87927", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87863", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87943", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87932", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87866", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87888", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87894", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87906", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87899", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87898", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87912", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.87911", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03665", "scoring_system": "epss", "scoring_elements": "0.8791", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21346" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/x-stream/xstream", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream" }, { "reference_url": "https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr" }, { "reference_url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210430-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210430-0002/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://x-stream.github.io/CVE-2021-21346.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/CVE-2021-21346.html" }, { "reference_url": "https://x-stream.github.io/security.html#workaround", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/security.html#workaround" }, { "reference_url": "http://x-stream.github.io/changes.html#1.4.16", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://x-stream.github.io/changes.html#1.4.16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578", "reference_id": "1942578", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843", "reference_id": "985843", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843" }, { "reference_url": "https://github.com/advisories/GHSA-4hrm-m67v-5cxr", "reference_id": "GHSA-4hrm-m67v-5cxr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4hrm-m67v-5cxr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1354", "reference_id": "RHSA-2021:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2139", "reference_id": "RHSA-2021:2139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2475", "reference_id": "RHSA-2021:2475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2476", "reference_id": "RHSA-2021:2476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4918", "reference_id": "RHSA-2021:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://usn.ubuntu.com/4943-1/", "reference_id": "USN-4943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4943-1/" }, { "reference_url": "https://usn.ubuntu.com/6978-1/", "reference_id": "USN-6978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6978-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-21346", "GHSA-4hrm-m67v-5cxr" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpxs-6wcf-ckh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42030?format=api", "vulnerability_id": "VCID-xdpy-sx55-b3ac", "summary": "XStream is vulnerable to an Arbitrary Code Execution attack\n### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21347](https://x-stream.github.io/CVE-2021-21347.html).\n\n### Credits\nThe vulnerability was discovered and reported by threedr3am.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21347.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21347.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87332", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87297", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87282", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87287", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87268", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87256", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87236", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.8721", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87191", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87185", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87165", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87168", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.8714", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87233", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87227", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87208", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87215", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87194", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87199", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03287", "scoring_system": "epss", "scoring_elements": "0.87205", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21347" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/x-stream/xstream", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream" }, { "reference_url": "https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f" }, { "reference_url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210430-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210430-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210430-0002/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://x-stream.github.io/CVE-2021-21347.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/CVE-2021-21347.html" }, { "reference_url": "https://x-stream.github.io/security.html#workaround", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://x-stream.github.io/security.html#workaround" }, { "reference_url": "http://x-stream.github.io/changes.html#1.4.16", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://x-stream.github.io/changes.html#1.4.16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629", "reference_id": "1942629", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843", "reference_id": "985843", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843" }, { "reference_url": "https://github.com/advisories/GHSA-qpfq-ph7r-qv6f", "reference_id": "GHSA-qpfq-ph7r-qv6f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpfq-ph7r-qv6f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1354", "reference_id": "RHSA-2021:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2139", "reference_id": "RHSA-2021:2139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2475", "reference_id": "RHSA-2021:2475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2476", "reference_id": "RHSA-2021:2476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4918", "reference_id": "RHSA-2021:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://usn.ubuntu.com/4943-1/", "reference_id": "USN-4943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4943-1/" }, { "reference_url": "https://usn.ubuntu.com/6978-1/", "reference_id": "USN-6978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6978-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-21347", "GHSA-qpfq-ph7r-qv6f" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xdpy-sx55-b3ac" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xstream@1.3.1-13%3Farch=el7_9" }