CVE | Description | CVSS 3 Base score |
---|---|---|
CVE-2021-29505 | XStream is vulnerable to a Remote Command Execution attack. | 8.8 |
CVE-2021-21341 | XStream can cause a Denial of Service. | 7.5 |
CVE-2021-21342 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. | 9.1 |
CVE-2021-21343 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. | 7.5 |
CVE-2021-21344 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
CVE-2021-21345 | XStream is vulnerable to a Remote Command Execution attack. | 9.9 |
CVE-2021-21346 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
CVE-2021-21347 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
CVE-2021-21348 | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDoS). | 7.5 |
CVE-2021-21349 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. | 8.6 |
CVE-2021-21350 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
CVE-2021-21351 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.1 |
CVE-2020-26258 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. | 7.7 |
CVE-2020-26259 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. | 6.8 |
CVE-2020-26217 | XStream can be used for Remote Code Execution. | 8.8 |
Known vulnerabilities in XStream library