Lucene search

CVE-2021-21342

🗓️ 23 Mar 2021 00:12:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 353 Views

XStream Java library before 1.4.16 allows server-side forgery request via manipulated input stream

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 65
Amazon	Important: xstream	27 Apr 202318:37	–	amazon
OSV	CVE-2021-21342	23 Mar 202100:15	–	osv
OSV	A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host	22 Mar 202123:28	–	osv
OSV	libxstream-java - security update	3 Apr 202100:00	–	osv
OSV	libxstream-java vulnerabilities	11 May 202109:41	–	osv
OSV	USN-6978-1 libxstream-java vulnerabilities	22 Aug 202415:18	–	osv
OSV	OPENSUSE-SU-2024:10592-1 xstream-1.4.18-1.1 on GA media	15 Jun 202400:00	–	osv
Tenable Nessus	Amazon Linux 2 : xstream (ALAS-2023-2030)	2 May 202300:00	–	nessus
Tenable Nessus	RHEL 7 : xstream (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : xstream (openSUSE-SU-2021:1840-1)	16 Jul 202100:00	–	nessus

Nvd

Vulners

Node

xstream_project xstreamRange<1.4.16

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

fedoraproject fedoraMatch35

Node

oracle banking_enterprise_default_managementMatch2.10.0

oracle banking_enterprise_default_managementMatch2.12.0

oracle banking_platformMatch2.4.0

oracle banking_platformMatch2.7.1

oracle banking_platformMatch2.9.0

oracle banking_platformMatch2.12.0

oracle banking_virtual_account_managementMatch14.2.0

oracle banking_virtual_account_managementMatch14.3.0

oracle banking_virtual_account_managementMatch14.5.0

oracle business_activity_monitoringMatch11.1.1.9.0

oracle business_activity_monitoringMatch12.2.1.3.0

oracle business_activity_monitoringMatch12.2.1.4.0

oracle communications_brm_-_elastic_charging_engineMatch12.0.0.3

oracle communications_policy_managementMatch12.5.0

oracle communications_unified_inventory_managementMatch7.3.2

oracle communications_unified_inventory_managementMatch7.3.4

oracle communications_unified_inventory_managementMatch7.3.5

oracle communications_unified_inventory_managementMatch7.4.0

oracle communications_unified_inventory_managementMatch7.4.1

oracle retail_xstore_point_of_serviceMatch16.0.6

oracle retail_xstore_point_of_serviceMatch17.0.4

oracle retail_xstore_point_of_serviceMatch18.0.3

oracle retail_xstore_point_of_serviceMatch19.0.2

oracle webcenter_portalMatch11.1.1.9.0

oracle webcenter_portalMatch12.2.1.3.0

oracle webcenter_portalMatch12.2.1.4.0

[
  {
    "product": "xstream",
    "vendor": "x-stream",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.4.16"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2022.html
oracle	www.oracle.com//security-alerts/cpujul2021.html
lists	www.lists.debian.org/debian-lts-announce/2021/04/msg00002.html
github	www.github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m
security	www.security.netapp.com/advisory/ntap-20210430-0002/
debian	www.debian.org/security/2021/dsa-5004
x-stream	www.x-stream.github.io/security.html
oracle	www.oracle.com/security-alerts/cpuoct2021.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
x-stream	www.x-stream.github.io/CVE-2021-21342.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Mar 2021 00:15Current

7.3High risk

Vulners AI Score7.3

CVSS25.8

CVSS35.3 - 9.1

EPSS0.0519