Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2021-1729

Related Vulnerabilities: CVE-2021-39139   CVE-2021-39140   CVE-2021-39141   CVE-2021-39144   CVE-2021-39145   CVE-2021-39146   CVE-2021-39147   CVE-2021-39148   CVE-2021-39149   CVE-2021-39150   CVE-2021-39151   CVE-2021-39152   CVE-2021-39153   CVE-2021-39154  

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-39139) XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. (CVE-2021-39140) A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-39141) (CVE-2021-39144) (CVE-2021-39145) (CVE-2021-39146) (CVE-2021-39147) (CVE-2021-39148) (CVE-2021-39149) (CVE-2021-39151) (CVE-2021-39153) (CVE-2021-39154) A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-39150) (CVE-2021-39152)

Source

ALAS2-2021-1729

Amazon Linux 2 Security Advisory: ALAS-2021-1729
Advisory Release Date: 2021-12-08 16:28 Pacific
Advisory Updated Date: 2021-12-09 00:41 Pacific
Severity: Important
Issue Overview:

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-39139)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. (CVE-2021-39140)

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-39141) (CVE-2021-39144) (CVE-2021-39145) (CVE-2021-39146) (CVE-2021-39147) (CVE-2021-39148) (CVE-2021-39149) (CVE-2021-39151) (CVE-2021-39153) (CVE-2021-39154)

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-39150) (CVE-2021-39152)


Affected Packages:

xstream


Issue Correction:
Run yum update xstream to update your system.

New Packages:
noarch:
    xstream-1.3.1-16.amzn2.noarch
    xstream-javadoc-1.3.1-16.amzn2.noarch

src:
    xstream-1.3.1-16.amzn2.src

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started