Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
debian / debian_linux 9.0 9.0.x
debian / debian_linux 10.0 10.0.x
debian / debian_linux 11.0 11.0.x
fedoraproject / fedora 33 33.x
fedoraproject / fedora 34 34.x
fedoraproject / fedora 35 35.x
oracle / banking_platform 2.4.0 2.4.0.x
oracle / webcenter_portal 12.2.1.3.0 12.2.1.3.0.x
oracle / webcenter_portal 11.1.1.9.0 11.1.1.9.0.x
oracle / communications_unified_inventory_management 7.3.2 7.3.2.x
oracle / communications_unified_inventory_management 7.3.4 7.3.4.x
oracle / communications_unified_inventory_management 7.3.5 7.3.5.x
oracle / communications_unified_inventory_management 7.4.0 7.4.0.x
oracle / communications_policy_management 12.5.0 12.5.0.x
oracle / webcenter_portal 12.2.1.4.0 12.2.1.4.0.x
oracle / banking_platform 2.7.1 2.7.1.x
oracle / banking_platform 2.9.0 2.9.0.x
oracle / banking_virtual_account_management 14.3.0 14.3.0.x
oracle / communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0 12.0.0.3.0.x
oracle / business_activity_monitoring 12.2.1.3.0 12.2.1.3.0.x
oracle / business_activity_monitoring 11.1.1.9.0 11.1.1.9.0.x
oracle / business_activity_monitoring 12.2.1.4.0 12.2.1.4.0.x
oracle / communications_unified_inventory_management 7.4.1 7.4.1.x
oracle / retail_xstore_point_of_service 16.0.6 16.0.6.x
oracle / retail_xstore_point_of_service 17.0.4 17.0.4.x
oracle / retail_xstore_point_of_service 18.0.3 18.0.3.x
oracle / retail_xstore_point_of_service 19.0.2 19.0.2.x
oracle / banking_platform 2.12.0 2.12.0.x
oracle / banking_virtual_account_management 14.2.0 14.2.0.x
oracle / banking_virtual_account_management 14.5.0 14.5.0.x
oracle / banking_enterprise_default_management 2.12.0 2.12.0.x
oracle / banking_enterprise_default_management 2.10.0 2.10.0.x
oracle / mysql_server 8.0.0 8.0.27.x
oracle / mysql_server - 5.7.36.x
com.thoughtworks.xstream / xstream - 1.4.16
apache / activemq - 5.15.14
apache / activemq 5.16.0 5.16.0.x
apache / activemq 5.16.1 5.16.1.x
apache / jmeter - 5.5
xstream / xstream - 1.4.16