CVE-2021-21349
- EPSS 46.83%
- Veröffentlicht 23.03.2021 00:15:13
- Zuletzt bearbeitet 23.05.2025 17:42:48
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipul...
CVE-2021-21350
- EPSS 15.23%
- Veröffentlicht 23.03.2021 00:15:13
- Zuletzt bearbeitet 23.05.2025 17:43:08
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is a...
CVE-2021-21346
- EPSS 76.37%
- Veröffentlicht 23.03.2021 00:15:12
- Zuletzt bearbeitet 23.05.2025 17:41:29
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...
CVE-2021-21345
- EPSS 72.32%
- Veröffentlicht 23.03.2021 00:15:12
- Zuletzt bearbeitet 23.05.2025 17:41:10
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the proc...
CVE-2021-21344
- EPSS 75.98%
- Veröffentlicht 23.03.2021 00:15:12
- Zuletzt bearbeitet 23.05.2025 17:40:53
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...
CVE-2021-21343
- EPSS 46.67%
- Veröffentlicht 23.03.2021 00:15:12
- Zuletzt bearbeitet 23.05.2025 17:40:13
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...
CVE-2021-21342
- EPSS 49.99%
- Veröffentlicht 23.03.2021 00:15:12
- Zuletzt bearbeitet 23.05.2025 17:39:23
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...
CVE-2021-21341
- EPSS 77.8%
- Veröffentlicht 23.03.2021 00:15:12
- Zuletzt bearbeitet 23.05.2025 17:38:30
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel executio...
CVE-2020-36183
- EPSS 4.89%
- Veröffentlicht 07.01.2021 00:15:15
- Zuletzt bearbeitet 29.04.2026 20:22:05
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVE-2020-36182
- EPSS 5.02%
- Veröffentlicht 07.01.2021 00:15:14
- Zuletzt bearbeitet 21.11.2024 05:28:55
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.