漏洞信息详情
XStream 代码问题漏洞
- CNNVD编号:CNNVD-202105-1981 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2021-29505
- 漏洞类型: 代码问题
- 发布时间: 2021-05-28
- 威胁类型: 远程
- 更新时间: 2021-11-25
- 厂 商:
- 漏洞来源:
-
漏洞简介
XStream是XStream(Xstream)团队的一个轻量级的、简单易用的开源Java类库,它主要用于将对象序列化成XML(JSON)或反序列化为对象。
XStream存在代码问题漏洞,该漏洞允许远程攻击者有足够的权限仅通过操纵处理后的输入流来执行主机的命令。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
参考网址
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20210708-0007/
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html
来源:DEBIAN
链接:https://www.debian.org/security/2021/dsa-5004
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
来源:MISC
链接:https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
来源:CONFIRM
链接:https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuoct2021.html
来源:MLIST
链接:https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6495929
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6483053
来源:www.oracle.com
链接:https://www.oracle.com/security-alerts/cpuoct2021.html
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Xstream-code-execution-via-Input-Stream-Manipulation-35722
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021071389
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3837
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6509588
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-mongodb-node-js-docker-and-xstream-affect-ibm-spectrum-protect-plus/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3984
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021071218
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2356
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2179
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021101937
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163476/Red-Hat-Security-Advisory-2021-2683-01.html
受影响实体
暂无
补丁
- XStream 代码问题漏洞的修复措施<!--2021-5-28-->
还没有评论,来说两句吧...