Vulnerability details
XStream code issue vulnerability (CVE-2021-21342)
Summary
XStream is a lightweight, easy-to-use open-source Java library maintained by the XStream team. It is used mainly to serialize Java objects to XML (or JSON) and to deserialize such documents back into objects.
XStream contains a code issue vulnerability: an attacker who controls the input stream being deserialized can replace or inject objects of types the application never expected, and the resulting object graph can be abused to trigger server-side request forgery (SSRF) from the host that processes the stream. The issue is fixed in XStream 1.4.16; the vendor's documented workaround for older versions is to configure XStream's security framework so that only an explicit allowlist of application types may be unmarshalled (see the references below).
Vulnerability announcement
The vendor has released an upgrade (XStream 1.4.16) that fixes this vulnerability. The change log for the fixed release is available at:
http://x-stream.github.io/changes.html#1.4.16
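The mitigation the advisory points to is to stop XStream from instantiating arbitrary types named in the input. The following is an added example, not code from XStream or from this advisory, showing a deny-by-default allowlist built with XStream's public security API (`addPermission`, `allowTypeHierarchy`, `allowTypes`, `allowTypesByWildcard`). The `Order` class, the `com.example.model` package name and both XML documents are constructed for the demonstration; the hostile document simply names a type outside the allowlist, which is rejected before any object is created.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

import java.util.Collection;
import java.util.List;

public class XStreamAllowlistExample {

    // Hypothetical application DTO (assumption: not taken from the advisory).
    public static class Order {
        public String id;
        public int quantity;
        public List<String> tags;
    }

    /** Builds an XStream instance that unmarshals only the types the application expects. */
    public static XStream hardenedXStream() {
        XStream xstream = new XStream();
        // Start from "deny every type", then re-enable exactly what is needed.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        // Collections are needed for the List field; the interface is mapped to ArrayList.
        xstream.allowTypeHierarchy(Collection.class);
        xstream.allowTypes(new Class[] { String.class, Order.class });
        // Wildcard form for a whole model package (hypothetical package name).
        xstream.allowTypesByWildcard(new String[] { "com.example.model.**" });
        xstream.alias("order", Order.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = hardenedXStream();

        // Constructed benign document: every element resolves to an allowed type.
        String benign =
            "<order><id>A-1</id><quantity>2</quantity>"
          + "<tags><string>x</string></tags></order>";
        Order o = (Order) xstream.fromXML(benign);
        System.out.println("parsed order " + o.id + " qty " + o.quantity);

        // Constructed hostile document: the "class" attribute injects a type the
        // application never expects. Any class outside the allowlist is refused by the
        // security mapper before instantiation, so the gadget the CVE relies on is never built.
        String hostile = "<order><id class=\"java.io.File\">/tmp/x</id></order>";
        try {
            xstream.fromXML(hostile);
            System.out.println("unexpected: hostile document was accepted");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The order of calls matters: `NoTypePermission.NONE` clears every permission registered before it, so it must come first and the allow rules after it. On Java 16 and later, XStream's reflection into JDK collection classes needs the corresponding `--add-opens` flags (for example `--add-opens java.base/java.util=ALL-UNNAMED`) when the program is run.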
References
Source: MLIST; link: https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E
Source: MISC; link: https://x-stream.github.io/security.html#workaround
Source: MLIST; link: https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
Source: FEDORA; link: https://lists.fedoraproject.org/archives/list/[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
Source: MISC; link: https://x-stream.github.io/CVE-2021-21342.html
Source: MISC; link: http://x-stream.github.io/changes.html#1.4.16
Source: CONFIRM; link: https://security.netapp.com/advisory/ntap-20210430-0002/
Source: MLIST; link: https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
Source: N/A; link: https://www.oracle.com//security-alerts/cpujul2021.html
Source: DEBIAN; link: https://www.debian.org/security/2021/dsa-5004
Source: FEDORA; link: https://lists.fedoraproject.org/archives/list/[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
Source: FEDORA; link: https://lists.fedoraproject.org/archives/list/[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
Source: MISC; link: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: CONFIRM; link: https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m
Source: www.auscert.org.au; link: https://www.auscert.org.au/bulletins/ESB-2021.1939
Source: www.ibm.com; link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-xstream-2/
Source: nvd.nist.gov; link: https://nvd.nist.gov/vuln/detail/CVE-2021-21342
Source: www.auscert.org.au; link: https://www.auscert.org.au/bulletins/ESB-2021.1821
Source: www.auscert.org.au; link: https://www.auscert.org.au/bulletins/ESB-2021.2349
Source: www.ibm.com; link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-xstream-2/
Source: www.auscert.org.au; link: https://www.auscert.org.au/bulletins/ESB-2021.1138
Source: www.cybersecurity-help.cz; link: https://www.cybersecurity-help.cz/vdb/SB2021042607
Source: www.auscert.org.au; link: https://www.auscert.org.au/bulletins/ESB-2021.3837
Source: www.ibm.com; link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/
Source: www.auscert.org.au; link: https://www.auscert.org.au/bulletins/ESB-2021.1594
Source: packetstormsecurity.com; link: https://packetstormsecurity.com/files/162527/Ubuntu-Security-Notice-USN-4943-1.html
Source: www.cybersecurity-help.cz; link: https://www.cybersecurity-help.cz/vdb/SB2021062145
Source: www.ibm.com; link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-mongodb-node-js-docker-and-xstream-affect-ibm-spectrum-protect-plus/
Source: www.auscert.org.au; link: https://www.auscert.org.au/bulletins/ESB-2021.3984
Source: www.auscert.org.au; link: https://www.auscert.org.au/bulletins/ESB-2021.2185
Source: packetstormsecurity.com; link: https://packetstormsecurity.com/files/163201/Red-Hat-Security-Advisory-2021-2475-01.html
Source: packetstormsecurity.com; link: https://packetstormsecurity.com/files/162839/Red-Hat-Security-Advisory-2021-2139-01.html
Source: vigilance.fr; link: https://vigilance.fr/vulnerability/Xstream-multiple-vulnerabilities-35003
Source: packetstormsecurity.com; link: https://packetstormsecurity.com/files/165052/Red-Hat-Security-Advisory-2021-4767-01.html
Affected entities
None listed
Patch
- Remediation for the XStream code issue vulnerability (2021-3-22)