BDU:2021-05940
PUBLISHED
CVSS 9 CRITICAL
A vulnerability in the XStream Java library for converting objects to XML or JSON formats, related to the unrestricted upload of files of a dangerous type, that allows an attacker to load and execute arbitrary code from a remote host
Risk Scores
CVSS 2.0
9
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat Inc., Free Software Community, Canonical Ltd., Oracle Corp., Novell Inc., Fedora Project, Xstream Project, Apache Software Foundation, McAfee Inc., АО «Концерн ВНИИНС» | Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, Oracle Communications Unified Inventory Management, Red Hat JBoss Fuse, Red Hat Decision Manager, openSUSE Tumbleweed, Red Hat JBoss Data Virtualization, Red Hat BPM Suite, Red Hat JBoss Data Grid, openSUSE Leap, Red Hat Process Automation, Fedora, Oracle Business Activity Monitoring, Oracle Banking Platform, Red Hat Integration Camel K, Red Hat Integration Camel Quarkus, XStream, Log4j, Oracle Communications BRM, Oracle Banking Enterprise Default Management, Oracle Retail Xstore Point of Service, Oracle Communications Policy Management, Oracle Banking Virtual Account Management, Red Hat Data Grid, Red Hat CodeReady Studio, Red Hat JBoss A-MQ, Red Hat JBoss BRMS, Red Hat JBoss Fuse Service Works, Red Hat JBoss SOA Platform, Oracle WebCenter Portal, McAfee Web Gateway, ОС ОН «Стрелец» (entry No. 6177 in the unified register of Russian software) |
Timeline
- Dec 9, 2021 CVE Published
- Nov 21, 2023 CVE Updated
- Mar 19, 2026 Distribution Patch
- Mar 19, 2026 Security Advisory
References
- http://x-stream.github.io/changes.html#1.4.16
- https://github.com/x-stream/xstream/security/advisories/GHSA-hrcp-8f3q-4w2c
- https://x-stream.github.io/CVE-2021-21351.html
- https://x-stream.github.io/security.html#workaround
- https://security-tracker.debian.org/tracker/CVE-2021-21351
- https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
- https://lists.apache.org/thread/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3cusers.activemq.apache.org%3e
- https://issues.apache.org/jira/browse/AMQ-7426
- https://ubuntu.com/security/CVE-2021-21351
- https://ubuntu.com/security/notices/USN-4943-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://access.redhat.com/security/cve/cve-2021-21351
- https://www.suse.com/security/cve/CVE-2021-21351.html
- https://docs.mcafee.com/ru-RU/bundle/web-gateway-8.2.x-release-notes/page/GUID-66AC8C57-9C6E-4785-994A-641F156C0E0B.html
- https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023