Veracode Vulnerability DatabaseVERACODE:31795Remote Code Execution (RCE)
0.254 Low
EPSS
Percentile
96.7%
xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework.
References
github.com/x-stream/xstream/commit/652d72f38b33938c54fd3b2ef626cb7dce38001c
github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
lists.debian.org/debian-lts-announce/2021/09/msg00017.html
lists.fedoraproject.org/archives/list/[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
lists.fedoraproject.org/archives/list/[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
lists.fedoraproject.org/archives/list/[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
security.netapp.com/advisory/ntap-20210923-0003/
www.debian.org/security/2021/dsa-5004
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpujul2022.html
x-stream.github.io/CVE-2021-39141.html
Related
