What is CVE-2021-39154?

CVE-2021-39154 is a high-severity vulnerability in X-stream Xstream, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.5/10. Published 2021-08-23.

How severe is CVE-2021-39154?

High severity. CVSS v3 base score is 8.5 out of 10.

Arbitrary file upload in X-stream Xstream

CVE-2021-39154

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stre…

Vulnerability class: Unrestricted File Upload

EPSS: 0.007 (72.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

X-stream Xstream — versions < 1.4.18

Weakness classification (CWE)

References

github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68 (x_refsource_CONFIRM)
x-stream.github.io/CVE-2021-39154.html (x_refsource_MISC)
[debian-lts-announce] 20210929 [SECURITY] [DLA 2769-1] libxstream-java security update (mailing-list, x_refsource_MLIST)
FEDORA-2021-fbad11014a (vendor-advisory, x_refsource_FEDORA)
FEDORA-2021-d894ca87dc (vendor-advisory, x_refsource_FEDORA)
FEDORA-2021-5e376c0ed9 (vendor-advisory, x_refsource_FEDORA)
DSA-5004 (vendor-advisory, x_refsource_DEBIAN)
www.oracle.com/security-alerts/cpujan2022.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20210923-0003/ (x_refsource_CONFIRM)
www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-39154?: CVE-2021-39154 is a high-severity vulnerability in X-stream Xstream, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.5/10. Published 2021-08-23.
How severe is CVE-2021-39154?: High severity. CVSS v3 base score is 8.5 out of 10.