Lucene search
K

6 matches found

OSV
OSV
added 2025/12/03 2:35 p.m.5 views

BIT-ACTIVEMQ-2021-21344 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS8.8AI score0.7598EPSS
Exploits1References16
OSV
OSV
added 2025/12/03 2:35 p.m.5 views

BIT-ACTIVEMQ-2021-21343 XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS6.5AI score0.46666EPSS
Exploits1References16
Snyk
Snyk
added 2024/06/06 2:26 p.m.4 views

Observable Timing Discrepancy

Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster...

3.7CVSS6.9AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.3 views

SUSE CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

8.1CVSS8AI score0.14301EPSS
Exploits1References7
OSV
OSV
added 2021/03/23 12:15 a.m.6 views

UBUNTU-CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.2AI score0.14301EPSS
Exploits1References8
OSV
OSV
added 2021/03/22 11:29 p.m.6 views

GHSA-56P8-3FH9-4CVQ XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

Impact The vulnerability may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. Patches If you rely on...

5.3CVSS6.7AI score0.13832EPSS
Exploits0References17
Rows per page
Query Builder