Auto Generated CVE annotations [Thu Apr 6 06:09:08 UTC 2023] 🤖

patch-1
GitHub Action 2023-04-06 06:09:08 +00:00
parent f416d3d249
commit 9e3440108e
1 changed files with 17 additions and 17 deletions

View File

@ -1,22 +1,22 @@
id: CVE-2021-29505
info:
name: XStream > 1.4.17 - Remote Code Execution
author: pwnhxl
severity: high
description: |
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream.
reference:
- https://paper.seebug.org/1543/
- https://github.com/vulhub/vulhub/blob/master/xstream/CVE-2021-29505/README.zh-cn.md
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505
- https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2021-29505
cwe-id: CWE-94,CWE-502
tags: oast,vulhub,cve,cve2021,xstream,deserialization,rce
info:
name: XStream > 1.4.17 - Remote Code Execution
author: pwnhxl
severity: high
description: |
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream.
reference:
- https://paper.seebug.org/1543/
- https://github.com/vulhub/vulhub/blob/master/xstream/CVE-2021-29505/README.zh-cn.md
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505
- https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2021-29505
cwe-id: CWE-94,CWE-502
tags: oast,vulhub,cve,cve2021,xstream,deserialization,rce
requests:
- raw:
- |