From 409b59af212fa722b3622945e324d6737fefbd81 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sun, 9 Apr 2023 03:30:42 +0000 Subject: [PATCH] Auto Generated CVE annotations [Sun Apr 9 03:30:42 UTC 2023] :robot: --- cves/2021/CVE-2021-29505.yaml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/cves/2021/CVE-2021-29505.yaml b/cves/2021/CVE-2021-29505.yaml index d1181569d9..79c3feb217 100644 --- a/cves/2021/CVE-2021-29505.yaml +++ b/cves/2021/CVE-2021-29505.yaml 
@@ -1,22 +1,22 @@ id: CVE-2021-29505 -info: - name: XStream < 1.4.17 - Remote Code Execution - author: pwnhxl - severity: high - description: | - XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. - reference: - - https://paper.seebug.org/1543/ - - https://github.com/vulhub/vulhub/blob/master/xstream/CVE-2021-29505/README.zh-cn.md - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505 - - https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2021-29505 - cwe-id: CWE-94,CWE-502 - tags: oast,vulhub,cve,cve2021,xstream,deserialization,rce +info: + name: XStream < 1.4.17 - Remote Code Execution + author: pwnhxl + severity: high + description: | + XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. + reference: + - https://paper.seebug.org/1543/ + - https://github.com/vulhub/vulhub/blob/master/xstream/CVE-2021-29505/README.zh-cn.md + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505 + - https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-29505 + cwe-id: CWE-94,CWE-502 + tags: oast,vulhub,cve,cve2021,xstream,deserialization,rce requests: - raw: - |
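Review bot: in the `info:` block, every one of the 17 removed lines comes back as an added line with the same visible text, so as shown this hunk changes no annotation value (name, severity, references, `cvss-metrics`, `cvss-score`, `cwe-id` and `tags` all read the same on both sides). If the difference is whitespace or line endings only, the subject "Auto Generated CVE annotations" should say so, or the generator should skip the commit when the annotations are unchanged, so that history and blame for this template stay meaningful. Since the `description` line is being rewritten anyway, its carried-over wording "may allow a remote attacker has sufficient rights to execute commands of the host" is ungrammatical; suggest "may allow a remote attacker who has sufficient rights to execute commands of the host", which also matches the `PR:L` in the `cvss-metrics` line.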