Auto Generated CVE annotations [Thu Apr 6 06:09:08 UTC 2023] 🤖
parent
f416d3d249
commit
9e3440108e
|
@ -1,22 +1,22 @@
|
|||
id: CVE-2021-29505
|
||||
|
||||
info:
|
||||
name: XStream > 1.4.17 - Remote Code Execution
|
||||
author: pwnhxl
|
||||
severity: high
|
||||
description: |
|
||||
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream.
|
||||
reference:
|
||||
- https://paper.seebug.org/1543/
|
||||
- https://github.com/vulhub/vulhub/blob/master/xstream/CVE-2021-29505/README.zh-cn.md
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505
|
||||
- https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2021-29505
|
||||
cwe-id: CWE-94,CWE-502
|
||||
tags: oast,vulhub,cve,cve2021,xstream,deserialization,rce
|
||||
info:
|
||||
name: XStream > 1.4.17 - Remote Code Execution
|
||||
author: pwnhxl
|
||||
severity: high
|
||||
description: |
|
||||
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream.
|
||||
reference:
|
||||
- https://paper.seebug.org/1543/
|
||||
- https://github.com/vulhub/vulhub/blob/master/xstream/CVE-2021-29505/README.zh-cn.md
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505
|
||||
- https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2021-29505
|
||||
cwe-id: CWE-94,CWE-502
|
||||
tags: oast,vulhub,cve,cve2021,xstream,deserialization,rce
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
|
|
Loading…
Reference in New Issue