XStream 代码问题漏洞

admin

0
文章

0
评论

2022-07-14 07:02:55 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

XStream 代码问题漏洞

CNNVD编号：CNNVD-202103-1282
危害等级：超危
CVE编号： CVE-2021-21347
漏洞类型：代码问题
发布时间： 2021-03-22
威胁类型：远程
更新时间： 2022-02-09
厂商：
漏洞来源： Red Hat

漏洞简介

XStream是XStream（Xstream）团队的一个轻量级的、简单易用的开源Java类库，它主要用于将对象序列化成XML（jsON）或反序列化为对象。

XStream 1.4.16之前版本存在代码问题漏洞，该漏洞允许远程攻击者仅通过操作已处理的输入流，就可以从远程主机加载和执行任意代码。

漏洞公告

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

http://x-stream.github.io/changes.HTML#1.4.16

参考网址

来源:MLIST

链接:https://lists.apache.org/thread.HTML/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E

来源:MISC

链接:https://x-stream.github.io/security.HTML#workaround

来源:MISC

链接:https://www.oracle.com/security-alerts/cpujan2022.HTML

来源:MISC

链接:https://x-stream.github.io/CVE-2021-21347.HTML

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2021/04/msg00002.HTML

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

来源:MISC

链接:http://x-stream.github.io/changes.HTML#1.4.16

来源:CONFIRM

链接:https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20210430-0002/

来源:MLIST

链接:https://lists.apache.org/thread.HTML/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E

来源:N/A

链接:https://www.oracle.com//security-alerts/cpujul2021.HTML

来源:DEBIAN

链接:https://www.debian.org/security/2021/dsa-5004

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

来源:MISC

链接:https://www.oracle.com/security-alerts/cpuoct2021.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1821

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-xstream-2/

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021042608

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1405

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1594

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021062145

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4105

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2185

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/6525260

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165052/Red-Hat-Security-Advisory-2021-4767-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165134/Red-Hat-Security-Advisory-2021-4918-03.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1939

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2021-21347

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-xstream-2/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162329/Red-Hat-Security-Advisory-2021-1354-01.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2349

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1138

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3837

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021043019

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-mongodb-node-js-docker-and-xstream-affect-ibm-spectrum-protect-plus/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3984

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4253

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163201/Red-Hat-Security-Advisory-2021-2475-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162839/Red-Hat-Security-Advisory-2021-2139-01.HTML

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Xstream-multiple-vulnerabilities-35003

受影响实体

暂无

补丁

XStream 代码问题漏洞的修复措施

特别声明

本站(ZONE.CI)所有文章仅供技术研究，若将其信息做其他用途，由用户承担全部法律及连带责任，本站不承担任何法律及连带责任，请遵守中华人民共和国安全法.

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

咨询加Q：999999999

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

ZONE.CI 全球网安全领域涉猎者-乌云独行地带

ZONE.CI 全球网

Plugins

WordPress

Web前端

设计资源

XStream 代码问题漏洞

漏洞信息详情

XStream 代码问题漏洞

漏洞简介

漏洞公告

参考网址

受影响实体

补丁

XStream 代码问题漏洞

XStream 代码问题漏洞

NEC UNIVERGE Aspire UX 安全漏洞

Red Hat Descision Manager 7 安全漏洞

SAP 3D Visual Enterprise Viewer 输入验证错误漏洞

SAP 3D Visual Enterprise Viewer 安全漏洞

Privoxy 安全漏洞

Linux kernel 安全漏洞

多款Netgear产品缓冲区错误漏洞

Netgear NETGEAR 授权问题漏洞

ZONE.CI 全球网