Enhancement: cves/2021/CVE-2021-21345.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-12 14:54:05 -04:00
parent 2dd24d2a4a
commit d29c3be30c
1 changed files with 6 additions and 2 deletions

@ -1,15 +1,17 @@
id: CVE-2021-21345
info:
name: XStream < 1.4.16 - Remote Code Execution
name: XStream <1.4.16 - Remote Code Execution
author: pwnhxl
severity: critical
description: |
XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream.
XStream before 1.4.16 is susceptible to remote code execution. An attacker who has sufficient rights can execute host commands via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
reference:
- https://x-stream.github.io/CVE-2021-21345.html
- http://x-stream.github.io/changes.html#1.4.16
- https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4
- https://nvd.nist.gov/vuln/detail/CVE-2021-21345
remediation: Install at least 1.4.16 if you rely on XStream's default blacklist of the Security Framework.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.9
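Review bot: the remediation line at "remediation: Install at least 1.4.16 if you rely on XStream's default blacklist of the Security Framework." reads as conditional, while the rewritten description states that any attacker with sufficient rights can reach code execution; state the upgrade to 1.4.16 or later as the fix first, and keep the default-blacklist wording as the qualifier for who is affected, so that a reader does not conclude the upgrade is optional.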
@ -95,3 +97,5 @@ requests:
part: interactsh_request
words:
- "User-Agent: {{rand_base(6)}}"
# Enhanced by md on 2023/04/12
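Review bot: the interactsh matcher words entry `- "User-Agent: {{rand_base(6)}}"` depends on `rand_base(6)` resolving to the same value that was sent in the request; if the function is re-evaluated when the matcher runs, the random string will differ and the template can never match. Bind the value once (for example as a template variable) and reference that variable in both the request and the matcher, or match on a fixed marker instead.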