BIT-activemq-2021-21343
PUBLISHED
CVSS 7.5 HIGH
XStream is vulnerable to arbitrary file deletion on the local host when unmarshalling, as long as the executing process has sufficient rights.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | activemq | 0, 5.16.0, 5.16.1 |
Exploit Intelligence
- owasp-exclude.xml (github-poc)
Timeline
- Dec 3, 2025 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch
References
- http://x-stream.github.io/changes.html#1.4.16
- https://github.com/x-stream/xstream/security/advisories/GHSA-74cv-f58x-f9wf
- https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E
- https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
- https://nvd.nist.gov/vuln/detail/CVE-2021-21343
- https://security.netapp.com/advisory/ntap-20210430-0002/
- https://www.debian.org/security/2021/dsa-5004
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://x-stream.github.io/CVE-2021-21343.html
- https://x-stream.github.io/security.html#workaround