XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-05-28 21:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-29505
Mitre link : CVE-2021-29505
CVE.ORG link : CVE-2021-29505
JSON object : View
Products Affected
oracle
- business_activity_monitoring
- retail_xstore_point_of_service
- banking_corporate_lending_process_management
- webcenter_portal
- communications_brm_-_elastic_charging_engine
- communications_unified_inventory_management
- enterprise_manager_ops_center
- banking_credit_facilities_process_management
- webcenter_sites
- banking_supply_chain_finance
- banking_cash_management
- banking_trade_finance_process_management
netapp
- snapmanager
debian
- debian_linux
xstream_project
- xstream
fedoraproject
- fedora