@prabhu
Created July 12, 2021 09:52
Known vulnerabilities in the XStream library

| CVE | Description | CVSS 3 base score |
|---|---|---|
| CVE-2021-29505 | XStream is vulnerable to a Remote Command Execution attack. | 8.8 |
| CVE-2021-21341 | XStream can cause a Denial of Service. | 7.5 |
| CVE-2021-21342 | A Server-Side Request Forgery can be triggered when unmarshalling with XStream, to access data streams from an arbitrary URL referencing a resource in an intranet or on the local host. | 9.1 |
| CVE-2021-21343 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling, as long as the executing process has sufficient rights. | 7.5 |
| CVE-2021-21344 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21345 | XStream is vulnerable to a Remote Command Execution attack. | 9.9 |
| CVE-2021-21346 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21347 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21348 | XStream is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. | 7.5 |
| CVE-2021-21349 | A Server-Side Request Forgery can be triggered when unmarshalling with XStream, to access data streams from an arbitrary URL referencing a resource in an intranet or on the local host. | 8.6 |
| CVE-2021-21350 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21351 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.1 |
| CVE-2020-26258 | A Server-Side Request Forgery can be triggered when unmarshalling with XStream, to access data streams from an arbitrary URL referencing a resource in an intranet or on the local host. | 7.7 |
| CVE-2020-26259 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling, as long as the executing process has sufficient rights. | 6.8 |
| CVE-2020-26217 | XStream can be used for Remote Code Execution. | 8.8 |