漏洞信息详情
XStream 代码问题漏洞
- CNNVD编号:CNNVD-202108-1898
- 危害等级: 高危
- CVE编号: CVE-2021-39149
- 漏洞类型: 代码问题
- 发布时间: 2021-08-23
- 威胁类型: 远程
- 更新时间: 2022-04-21
- 厂 商:
- 漏洞来源:
漏洞简介
XStream是XStream(Xstream)团队的一个轻量级的、简单易用的开源Java类库,它主要用于将对象序列化成XML(jsON)或反序列化为对象。
XStream 1.4.18之前版本存在代码问题漏洞,攻击者可利用该漏洞通过操纵已处理的输入流从远程主机加载和执行任意代码
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://x-stream.github.io/CVE-2021-39149.HTML
参考网址
来源:MISC
链接:https://x-stream.github.io/CVE-2021-39149.HTML
来源:DEBIAN
链接:https://www.debian.org/security/2021/dsa-5004
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
来源:MISC
链接:https://www.oracle.com/security-alerts/cpujan2022.HTML
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2021/09/msg00017.HTML
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuapr2022.HTML
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20210923-0003/
来源:CONFIRM
链接:https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3984
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.4105
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164611/Red-Hat-Security-Advisory-2021-3956-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6525260
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/165733/Red-Hat-Security-Advisory-2022-0296-03.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/165980/Red-Hat-Security-Advisory-2022-0520-01.HTML
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/XStream-multiple-vulnerabilities-36548
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3547
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3251
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3508
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3837
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.0644
受影响实体
暂无
补丁
- XStream 代码问题漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论