CVE-2021-43859
Severity
7.5HIGH
EPSS
1.9%
top 16.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 1
Latest update: Jul 15
Description
XStream is an open source Java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to consume 100% of CPU time on the target system, depending on CPU type or on parallel execution of such a payload, resulting in a denial of service solely by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 13 packages
Also affects: Debian Linux 9.0, Fedora 34, 35
Patches
Vulnerability Details
OSV: CVE-2021-43859: XStream is an open source java library to serialize objects to XML and back again (2022-02-01)
Vendor Advisories
Oracle: Oracle Communications Applications Risk Matrix: Security (XStream) — CVE-2021-43859 (2023-07-15)
Oracle: Oracle Financial Services Applications Risk Matrix: Infrastructure (XStream) — CVE-2021-43859 (2023-04-15)
Oracle: Oracle Communications Applications Risk Matrix: EM Gateway (XStream) — CVE-2021-43859 (2022-07-15)
Oracle: Oracle Communications Risk Matrix: Visualization, Database (XStream) — CVE-2021-43859 (2022-04-15)