VDB
RHSA-2023%3A1303
RHSA-2023%3A1303
PUBLISHED
CVSS 8.5 HIGH
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream.
Risk Scores
CVSS 3.1
8.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Data Grid 7.3.10 |
Timeline
- Mar 17, 2023 CVE Published
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:1303 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=7.3&downloadType=patches advisory
- https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1997772 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1303.json advisory
- https://access.redhat.com/security/cve/CVE-2021-39144 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-39144 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-39144 advisory
- https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit