Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2021-21349

🗓️ 23 Mar 2021 00:13:15Reported by [email protected]Type 
nvd
 nvd🔗 web.nvd.nist.gov👁 12 Views

XStream Java library vulnerability allows remote attackers to access internal resources by manipulating input strea

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Detection
Refs
ReporterTitlePublishedViews
Family
cve		CVE-2021-21349
23 Mar 202100:15
cve
cnvd		XStream Server-Side Request Forgery Vulnerability
15 Mar 202100:00
cnvd
github		A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
22 Mar 202123:29
github
cvelist		CVE-2021-21349 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
22 Mar 202123:45
cvelist
veracode		Server-Side Request Forgery (SSRF)
15 Mar 202108:12
veracode
osv		A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
22 Mar 202123:29
osv
osv		CVE-2021-21349
23 Mar 202100:15
osv
osv		libxstream-java - security update
3 Apr 202100:00
osv
osv		libxstream-java vulnerabilities
11 May 202109:41
osv
osv		USN-6978-1 libxstream-java vulnerabilities
22 Aug 202415:18
osv
Rows per page
Nvd
Node
xstream_projectxstreamRange<1.4.16
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
fedoraprojectfedoraMatch33
OR
fedoraprojectfedoraMatch34
OR
fedoraprojectfedoraMatch35
Node
oraclebanking_enterprise_default_managementMatch2.10.0
OR
oraclebanking_enterprise_default_managementMatch2.12.0
OR
oraclebanking_platformMatch2.4.0
OR
oraclebanking_platformMatch2.7.1
OR
oraclebanking_platformMatch2.9.0
OR
oraclebanking_platformMatch2.12.0
OR
oraclebanking_virtual_account_managementMatch14.2.0
OR
oraclebanking_virtual_account_managementMatch14.3.0
OR
oraclebanking_virtual_account_managementMatch14.5.0
OR
oraclebusiness_activity_monitoringMatch11.1.1.9.0
OR
oraclebusiness_activity_monitoringMatch12.2.1.3.0
OR
oraclebusiness_activity_monitoringMatch12.2.1.4.0
OR
oraclecommunications_billing_and_revenue_management_elastic_charging_engineMatch12.0.0.3.0
OR
oraclecommunications_policy_managementMatch12.5.0
OR
oraclecommunications_unified_inventory_managementMatch7.3.2
OR
oraclecommunications_unified_inventory_managementMatch7.3.4
OR
oraclecommunications_unified_inventory_managementMatch7.3.5
OR
oraclecommunications_unified_inventory_managementMatch7.4.0
OR
oraclecommunications_unified_inventory_managementMatch7.4.1
OR
oraclegraalvmMatch20.3.4enterprise
OR
oraclegraalvmMatch21.3.0enterprise
OR
oraclejava_seMatch7u321
OR
oraclejava_seMatch8u311
OR
oracleretail_xstore_point_of_serviceMatch16.0.6
OR
oracleretail_xstore_point_of_serviceMatch17.0.4
OR
oracleretail_xstore_point_of_serviceMatch18.0.3
OR
oracleretail_xstore_point_of_serviceMatch19.0.2
OR
oraclewebcenter_portalMatch11.1.1.9.0
OR
oraclewebcenter_portalMatch12.2.1.3.0
OR
oraclewebcenter_portalMatch12.2.1.4.0
SourceLink
listswww.lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
oraclewww.oracle.com//security-alerts/cpujul2021.html
debianwww.debian.org/security/2021/dsa-5004
listswww.lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E
githubwww.github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv
securitywww.security.netapp.com/advisory/ntap-20210430-0002/
x-streamwww.x-stream.github.io/security.html
Rows per page

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
23 Mar 2021 00:15Current
CVSS25
CVSS38.6
EPSS0.04099
CWE-918CWE-502
xstreamjava libraryvulnerabilityremote attackersinternal resourcesinput stream manipulationsecurity frameworkwhitelistblacklistversion 1.4.16
12
.json
Report