CVE-2021-21341

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-21341
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21341.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-21341
Aliases
Downstream
Related
Published
2021-03-23T00:15:12.380Z
Modified
2026-05-10T04:14:19.308181762Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.15.14"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "5.16.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:apache:activemq:5.16.1:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "5.16.1"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "2.10.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "2.12.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "2.12.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "2.4.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "2.7.1"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "2.9.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "11.1.1.9.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.4.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12.0.0.3.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.3.2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.3.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.3.5"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.4.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.4.1"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "16.0.6"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "17.0.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "18.0.3"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "19.0.2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "11.1.1.9.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.4.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "11.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "33"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "34"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "35"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/apache/jmeter

Affected ranges

Type
GIT
Repo
https://github.com/apache/jmeter
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7153c74dd0e860d0ca3825cc5a23e976e0242b6e
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:apache:jmeter:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.5"
        }
    ]
}

Affected versions

5.*
5.2-rc4
rel/v5.*
rel/v5.2
rel/v5.2.1
rel/v5.3
rel/v5.4
rel/v5.4.1
v5.*
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2.1-rc1
v5.2.1-rc4
v5.2.1-rc5
v5.3-rc1
v5.4-rc1
v5.4-rc2
v5.4.1-rc1
v5.4.1-rc2
v5.5-rc1
v5.5-rc2
Other
v5_2_RC1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21341.json"

Git / github.com/x-stream/xstream

Affected ranges

Type
GIT
Repo
https://github.com/x-stream/xstream
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3dd9cc610199802e4f13bd49b02a9f99adaba145
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.16"
        }
    ]
}

Affected versions

Other
XSTREAM_1_4_10
XSTREAM_1_4_11
XSTREAM_1_4_11_1
XSTREAM_1_4_12
XSTREAM_1_4_13
XSTREAM_1_4_14
XSTREAM_1_4_15
XSTREAM_1_4_5
XSTREAM_1_4_9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21341.json"