Lucene search

CVE-2021-21348

🗓️ 23 Mar 2021 00:13:15Reported by [email protected]Type

XStream library pre-1.4.16 allows remote attackers to occupy CPU

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 65
Github Security Blog	XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)	22 Mar 202123:29	–	github
Cvelist	CVE-2021-21348 XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)	22 Mar 202123:45	–	cvelist
Prion	Default configuration	23 Mar 202100:15	–	prion
RedhatCVE	CVE-2021-21348	24 Mar 202116:31	–	redhatcve
CNVD	XStream Denial of Service Vulnerability (CNVD-2021-28331)	15 Mar 202100:00	–	cnvd
OSV	XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)	22 Mar 202123:29	–	osv
OSV	CVE-2021-21348	23 Mar 202100:15	–	osv
OSV	libxstream-java - security update	3 Apr 202100:00	–	osv
OSV	USN-6978-1 libxstream-java vulnerabilities	22 Aug 202415:18	–	osv
OSV	libxstream-java vulnerabilities	11 May 202109:41	–	osv

Nvd

Node

xstream_project xstreamRange<1.4.16

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

fedoraproject fedoraMatch35

Node

oracle banking_enterprise_default_managementMatch2.10.0

oracle banking_enterprise_default_managementMatch2.12.0

oracle banking_platformMatch2.4.0

oracle banking_platformMatch2.7.1

oracle banking_platformMatch2.9.0

oracle banking_platformMatch2.12.0

oracle banking_virtual_account_managementMatch14.2.0

oracle banking_virtual_account_managementMatch14.3.0

oracle banking_virtual_account_managementMatch14.5.0

oracle business_activity_monitoringMatch11.1.1.9.0

oracle business_activity_monitoringMatch12.2.1.3.0

oracle business_activity_monitoringMatch12.2.1.4.0

oracle communications_billing_and_revenue_management_elastic_charging_engineMatch12.0.0.3.0

oracle communications_policy_managementMatch12.5.0

oracle communications_unified_inventory_managementMatch7.3.2

oracle communications_unified_inventory_managementMatch7.3.4

oracle communications_unified_inventory_managementMatch7.3.5

oracle communications_unified_inventory_managementMatch7.4.0

oracle communications_unified_inventory_managementMatch7.4.1

oracle mysql_serverRange≤8.0.27

oracle retail_xstore_point_of_serviceMatch16.0.6

oracle retail_xstore_point_of_serviceMatch17.0.4

oracle retail_xstore_point_of_serviceMatch18.0.3

oracle retail_xstore_point_of_serviceMatch19.0.2

oracle webcenter_portalMatch11.1.1.9.0

oracle webcenter_portalMatch12.2.1.3.0

oracle webcenter_portalMatch12.2.1.4.0

Source	Link
lists	www.lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
github	www.github.com/x-stream/xstream/security/advisories/GHSA-56p8-3fh9-4cvq
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
oracle	www.oracle.com//security-alerts/cpujul2021.html
debian	www.debian.org/security/2021/dsa-5004
lists	www.lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E
security	www.security.netapp.com/advisory/ntap-20210430-0002/
x-stream	www.x-stream.github.io/security.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Mar 2021 00:15Current

CVSS27.8

CVSS37.5

EPSS0.0019