Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.3 views

SUSE CVE-2021-39141

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.1CVSS7.9AI score0.16118EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.3 views

XStream: arbitrary file deletion on the local host when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

6.8CVSS7.5AI score0.82392EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2021/06/17 1:14 p.m.6 views

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS7.4AI score0.4999EPSS
Exploits1References4
OSV
OSV
added 2021/03/22 11:29 p.m.4 views

GHSA-56P8-3FH9-4CVQ XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

Impact The vulnerability may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. Patches If you rely on...

5.3CVSS6.7AI score0.13832EPSS
Exploits0References17
Rows per page
Query Builder