Known vulnerabilities in XStream library

| CVE | Description | CVSS 3 Base score |
| --- | --- | --- |
| CVE-2021-29505 | XStream is vulnerable to a Remote Command Execution attack. | 8.8 |
| CVE-2021-21341 | XStream can cause a Denial of Service. | 7.5 |
| CVE-2021-21342 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. | 9.1 |
| CVE-2021-21343 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. | 7.5 |
| CVE-2021-21344 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21345 | XStream is vulnerable to a Remote Command Execution attack. | 9.9 |
| CVE-2021-21346 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21347 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21348 | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDoS). | 7.5 |
| CVE-2021-21349 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. | 8.6 |
| CVE-2021-21350 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.8 |
| CVE-2021-21351 | XStream is vulnerable to an Arbitrary Code Execution attack. | 9.1 |
| CVE-2020-26258 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. | 7.7 |
| CVE-2020-26259 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. | 6.8 |
| CVE-2020-26217 | XStream can be used for Remote Code Execution. | 8.8 |