BDU:2021-05506
PUBLISHED
CVSS 10 CRITICAL
Vulnerability in the XStream Java library for converting objects to XML or JSON formats, related to unrestricted upload of files of a dangerous type, allowing an attacker to execute arbitrary code
Risk Scores
CVSS 2.0
10
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat Inc., Free software community, Canonical Ltd., Oracle Corp., Novell Inc., Fedora Project, Xstream Project, Apache Software Foundation, McAfee Inc. | Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, Oracle Communications Unified Inventory Management, Red Hat JBoss Fuse, Red Hat Decision Manager, openSUSE Tumbleweed, Red Hat JBoss Data Virtualization, Red Hat BPM Suite, Red Hat JBoss Data Grid, OpenSUSE Leap, Red Hat Process Automation, Fedora, Oracle Business Activity Monitoring, Oracle Banking Platform, Red Hat Integration Camel K, Red Hat Integration Camel Quarkus, XStream, Log4j, Oracle Communications BRM, Oracle Banking Enterprise Default Management, Oracle Retail Xstore Point of Service, Oracle Communications Policy Management, Oracle Banking Virtual Account Management, Red Hat Data Grid, Red Hat CodeReady Studio, Red Hat JBoss A-MQ, Red Hat JBoss BRMS, Red Hat JBoss Fuse Service Works, Red Hat JBoss SOA Platform, Oracle WebCenter Portal, McAfee Web Gateway |
Timeline
- Nov 17, 2021 CVE Published
- Oct 18, 2023 CVE Updated
- Mar 19, 2026 Distribution Patch
- Mar 19, 2026 Security Advisory
References
- http://x-stream.github.io/changes.html#1.4.16
- https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq
- https://x-stream.github.io/CVE-2021-21350.html
- https://x-stream.github.io/security.html#workaround
- https://security-tracker.debian.org/tracker/CVE-2021-21350
- https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
- https://lists.apache.org/thread/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3cusers.activemq.apache.org%3e
- https://issues.apache.org/jira/browse/AMQ-7426
- https://ubuntu.com/security/CVE-2021-21350
- https://ubuntu.com/security/notices/USN-4943-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.htmll
- https://access.redhat.com/security/cve/cve-2021-21350
- https://www.suse.com/security/cve/CVE-2021-21350.html
- https://docs.mcafee.com/ru-RU/bundle/web-gateway-8.2.x-release-notes/page/GUID-66AC8C57-9C6E-4785-994A-641F156C0E0B.html