Количество 10
Количество 10
CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again ...
GHSA-64xx-cq4q-mf44
XStream is vulnerable to an Arbitrary Code Execution attack
BDU:2022-00708
Уязвимость Java-библиотеки для преобразования объектов в XML или JSON формат XStream , связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2021:3476-1
Security update for xstream
openSUSE-SU-2021:1401-1
Security update for xstream
SUSE-SU-2021:3476-1
Security update for xstream
ELSA-2021-3956
ELSA-2021-3956: xstream security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-39139 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | CVSS3: 8.5 | 1% Низкий | больше 4 лет назад |
 | CVE-2021-39139 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | CVSS3: 8.5 | 1% Низкий | больше 4 лет назад |
 | CVE-2021-39139 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | CVSS3: 8.5 | 1% Низкий | больше 4 лет назад |
| CVE-2021-39139 XStream is a simple library to serialize objects to XML and back again ... | CVSS3: 8.5 | 1% Низкий | больше 4 лет назад |
| GHSA-64xx-cq4q-mf44 XStream is vulnerable to an Arbitrary Code Execution attack | CVSS3: 8.5 | 1% Низкий | больше 4 лет назад |
 | BDU:2022-00708 Уязвимость Java-библиотеки для преобразования объектов в XML или JSON формат XStream , связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 1% Низкий | больше 4 лет назад |
 | openSUSE-SU-2021:3476-1 Security update for xstream | больше 4 лет назад | ||
| openSUSE-SU-2021:1401-1 Security update for xstream | больше 4 лет назад | ||
| SUSE-SU-2021:3476-1 Security update for xstream | больше 4 лет назад | ||
| ELSA-2021-3956 ELSA-2021-3956: xstream security update (IMPORTANT) | больше 4 лет назад |
Уязвимостей на страницу