CVE-2021-43859
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-43859
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43859.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-43859
- Aliases
- Downstream
- Related
- Published
- 2022-02-01T12:15:08Z
- Modified
- 2025-10-31T22:16:14.565873Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
- References
-
- http://www.openwall.com/lists/oss-security/2022/02/09/1
- https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
- https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
- https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://x-stream.github.io/CVE-2021-43859.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/
Affected packages
Git / github.com/jenkinsci/jenkins
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/jenkins
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.324-rc
1.325-rc
1.327-rc
1.328-rc
1.502-rc1
1.580.1-rc1
Other
builds/10
builds/100
builds/101
builds/102
builds/103
builds/104
builds/105
builds/106
builds/107
builds/108
builds/109
builds/11
builds/110
builds/111
builds/112
builds/113
builds/114
builds/115
builds/116
builds/117
builds/118
builds/119
builds/12
builds/120
builds/121
builds/122
builds/123
builds/124
builds/125
builds/126
builds/127
builds/128
builds/13
builds/130
builds/131
builds/132
builds/133
builds/134
builds/135
builds/136
builds/137
builds/138
builds/139
builds/14
builds/140
builds/141
builds/142
builds/143
builds/144
builds/145
builds/146
builds/147
builds/148
builds/149
builds/15
builds/150
builds/151
builds/152
builds/153
builds/154
builds/155
builds/156
builds/157
builds/158
builds/16
builds/160
builds/161
builds/162
builds/163
builds/164
builds/165
builds/166
builds/167
builds/168
builds/169
builds/17
builds/170
builds/171
builds/172
builds/173
builds/174
builds/176
builds/177
builds/178
builds/179
builds/18
builds/180
builds/181
builds/182
builds/183
builds/184
builds/185
builds/186
builds/187
builds/188
builds/189
builds/19
builds/190
builds/191
builds/192
builds/193
builds/194
builds/195
builds/196
builds/197
builds/198
builds/199
builds/2
builds/200
builds/201
builds/202
builds/203
builds/204
builds/205
builds/206
builds/207
builds/209
builds/21
builds/210
builds/211
builds/212
builds/213
builds/214
builds/215
builds/216
builds/217
builds/218
builds/219
builds/22
builds/220
builds/221
builds/222
builds/223
builds/224
builds/225
builds/226
builds/227
builds/228
builds/229
builds/23
builds/230
builds/231
builds/232
builds/233
builds/234
builds/235
builds/236
builds/237
builds/238
builds/239
builds/24
builds/240
builds/241
builds/242
builds/243
builds/244
builds/245
builds/246
builds/247
builds/248
builds/249
builds/250
builds/251
builds/254
builds/255
builds/256
builds/257
builds/258
builds/259
builds/26
builds/260
builds/262
builds/263
builds/264
builds/265
builds/266
builds/267
builds/268
builds/269
builds/27
builds/270
builds/271
builds/272
builds/273
builds/274
builds/275
builds/276
builds/277
builds/278
builds/279
builds/28
builds/280
builds/281
builds/282
builds/283
builds/284
builds/285
builds/286
builds/287
builds/288
builds/29
builds/290
builds/291
builds/292
builds/293
builds/294
builds/295
builds/296
builds/297
builds/298
builds/299
builds/3
builds/30
builds/300
builds/301
builds/302
builds/303
builds/304
builds/305
builds/306
builds/307
builds/308
builds/309
builds/31
builds/310
builds/311
builds/312
builds/313
builds/314
builds/316
builds/317
builds/318
builds/319
builds/32
builds/320
builds/321
builds/322
builds/323
builds/324
builds/325
builds/326
builds/327
builds/328
builds/329
builds/33
builds/330
builds/331
builds/332
builds/333
builds/334
builds/335
builds/336
builds/338
builds/339
builds/34
builds/340
builds/341
builds/342
builds/343
builds/344
builds/345
builds/346
builds/348
builds/35
builds/350
builds/352
builds/353
builds/354
builds/355
builds/356
builds/357
builds/358
builds/359
builds/36
builds/361
builds/362
builds/363
builds/364
builds/365
builds/368
builds/369
builds/37
builds/370
builds/371
builds/372
builds/373
builds/374
builds/375
builds/39
builds/4
builds/40
builds/41
builds/42
builds/43
builds/44
builds/46
builds/47
builds/48
builds/49
builds/5
builds/50
builds/51
builds/52
builds/53
builds/54
builds/55
builds/56
builds/57
builds/58
builds/59
builds/6
builds/60
builds/62
builds/63
builds/64
builds/65
builds/66
builds/67
builds/68
builds/69
builds/7
builds/70
builds/71
builds/72
builds/73
builds/74
builds/75
builds/77
builds/81
builds/82
builds/83
builds/85
builds/86
builds/88
builds/89
builds/9
builds/90
builds/92
builds/93
builds/94
builds/95
builds/96
builds/97
builds/98
builds/99
changes/10
changes/100
changes/101
changes/102
changes/103
changes/104
changes/105
changes/106
changes/107
changes/108
changes/109
changes/11
changes/110
changes/111
changes/112
changes/113
changes/114
changes/115
changes/116
changes/117
changes/118
changes/119
changes/12
changes/120
changes/121
changes/122
changes/123
changes/124
changes/125
changes/126
changes/127
changes/128
changes/13
changes/130
changes/131
changes/132
changes/133
changes/134
changes/135
changes/136
changes/137
changes/138
changes/139
changes/14
changes/140
changes/141
changes/142
changes/143
changes/144
changes/145
changes/146
changes/147
changes/148
changes/149
changes/15
changes/150
changes/151
changes/152
changes/153
changes/154
changes/155
changes/156
changes/157
changes/158
changes/16
changes/160
changes/161
changes/162
changes/163
changes/164
changes/165
changes/166
changes/167
changes/168
changes/169
changes/17
changes/170
changes/171
changes/172
changes/173
changes/174
changes/176
changes/177
changes/178
changes/179
changes/18
changes/180
changes/181
changes/182
changes/183
changes/184
changes/185
changes/186
changes/187
changes/188
changes/189
changes/19
changes/190
changes/191
changes/192
changes/193
changes/194
changes/195
changes/196
changes/197
changes/198
changes/199
changes/2
changes/20
changes/200
changes/201
changes/202
changes/203
changes/204
changes/205
changes/206
changes/207
changes/209
changes/21
changes/210
changes/211
changes/212
changes/213
changes/214
changes/215
changes/216
changes/217
changes/218
changes/219
changes/22
changes/220
changes/221
changes/222
changes/223
changes/224
changes/225
changes/226
changes/227
changes/228
changes/229
changes/23
changes/230
changes/231
changes/232
changes/233
changes/234
changes/235
changes/236
changes/237
changes/238
changes/239
changes/24
changes/240
changes/241
changes/242
changes/243
changes/244
changes/245
changes/246
changes/247
changes/248
changes/249
changes/25
changes/250
changes/251
changes/254
changes/255
changes/256
changes/257
changes/258
changes/259
changes/26
changes/260
changes/262
changes/263
changes/264
changes/265
changes/266
changes/267
changes/268
changes/269
changes/27
changes/270
changes/271
changes/272
changes/273
changes/274
changes/275
changes/276
changes/277
changes/278
changes/279
changes/28
changes/280
changes/281
changes/282
changes/283
changes/284
changes/285
changes/286
changes/287
changes/288
changes/29
changes/290
changes/291
changes/292
changes/293
changes/294
changes/295
changes/296
changes/297
changes/298
changes/299
changes/3
changes/30
changes/300
changes/301
changes/302
changes/303
changes/304
changes/305
changes/306
changes/307
changes/308
changes/309
changes/31
changes/310
changes/311
changes/312
changes/313
changes/314
changes/316
changes/317
changes/318
changes/319
changes/32
changes/320
changes/321
changes/322
changes/323
changes/324
changes/325
changes/326
changes/327
changes/328
changes/329
changes/33
changes/330
changes/331
changes/332
changes/333
changes/334
changes/335
changes/336
changes/338
changes/339
changes/34
changes/340
changes/341
changes/342
changes/343
changes/344
changes/345
changes/346
changes/348
changes/35
changes/350
changes/352
changes/353
changes/354
changes/355
changes/356
changes/357
changes/358
changes/359
changes/36
changes/361
changes/362
changes/363
changes/364
changes/365
changes/368
changes/369
changes/37
changes/370
changes/371
changes/372
changes/373
changes/374
changes/375
changes/39
changes/4
changes/40
changes/41
changes/42
changes/43
changes/44
changes/46
changes/47
changes/48
changes/49
changes/5
changes/50
changes/51
changes/52
changes/53
changes/54
changes/55
changes/56
changes/57
changes/58
changes/59
changes/6
changes/60
changes/61
changes/62
changes/63
changes/64
changes/65
changes/66
changes/67
changes/68
changes/69
changes/7
changes/70
changes/71
changes/72
changes/73
changes/74
changes/75
changes/76
changes/77
changes/79
changes/8
changes/81
changes/82
changes/83
changes/85
changes/86
changes/88
changes/89
changes/9
changes/90
changes/92
changes/93
changes/94
changes/95
changes/96
changes/97
changes/98
changes/99
hudson-1_387
hudson-1_388
hudson-1_389
hudson-1_390
hudson-1_391
hudson-1_392
hudson-1_393
hudson-1_394
hudson-1_395
jenkins-1_396
jenkins-1_397
jenkins-1_398
jenkins-1_399
jenkins-1_400
jenkins-1_401
jenkins-1_402
jenkins-1_403
jenkins-1_404
jenkins-1_405
jenkins-1_406
jenkins-1_407
jenkins-1_408
jenkins-1_409
jenkins-1_410
jenkins-1_411
jenkins-1_412
jenkins-1_413
jenkins-1_414
jenkins-1_415
list
untagged-e3a154d27f5bd99802eb
jenkins-1.*
jenkins-1.416
jenkins-1.417
jenkins-1.418
jenkins-1.419
jenkins-1.420
jenkins-1.421
jenkins-1.422
jenkins-1.423
jenkins-1.424
jenkins-1.425
jenkins-1.426
jenkins-1.427
jenkins-1.428
jenkins-1.429
jenkins-1.430
jenkins-1.431
jenkins-1.432
jenkins-1.433
jenkins-1.434
jenkins-1.435
jenkins-1.436
jenkins-1.437
jenkins-1.438
jenkins-1.439
jenkins-1.440
jenkins-1.441
jenkins-1.442
jenkins-1.443
jenkins-1.444
jenkins-1.445
jenkins-1.446
jenkins-1.447
jenkins-1.448
jenkins-1.449
jenkins-1.450
jenkins-1.451
jenkins-1.452
jenkins-1.453
jenkins-1.454
jenkins-1.455
jenkins-1.456
jenkins-1.457
jenkins-1.458
jenkins-1.459
jenkins-1.460
jenkins-1.461
jenkins-1.462
jenkins-1.463
jenkins-1.464
jenkins-1.465
jenkins-1.466
jenkins-1.467
jenkins-1.468
jenkins-1.469
jenkins-1.470
jenkins-1.471
jenkins-1.472
jenkins-1.473
jenkins-1.474
jenkins-1.475
jenkins-1.477
jenkins-1.478
jenkins-1.479
jenkins-1.480
jenkins-1.481
jenkins-1.482
jenkins-1.483
jenkins-1.484
jenkins-1.485
jenkins-1.486
jenkins-1.487
jenkins-1.488
jenkins-1.489
jenkins-1.490
jenkins-1.491
jenkins-1.492
jenkins-1.493
jenkins-1.494
jenkins-1.495
jenkins-1.496
jenkins-1.497
jenkins-1.498
jenkins-1.499
jenkins-1.500
jenkins-1.501
jenkins-1.502
jenkins-1.503
jenkins-1.504
jenkins-1.505
jenkins-1.506
jenkins-1.507
jenkins-1.508
jenkins-1.509
jenkins-1.510
jenkins-1.511
jenkins-1.512
jenkins-1.513
jenkins-1.514
jenkins-1.515
jenkins-1.516
jenkins-1.517
jenkins-1.518
jenkins-1.519
jenkins-1.520
jenkins-1.521
jenkins-1.522
jenkins-1.523
jenkins-1.524
jenkins-1.525
jenkins-1.526
jenkins-1.527
jenkins-1.528
jenkins-1.529
jenkins-1.530
jenkins-1.531
jenkins-1.532
jenkins-1.533
jenkins-1.534
jenkins-1.535
jenkins-1.536
jenkins-1.537
jenkins-1.538
jenkins-1.539
jenkins-1.540
jenkins-1.541
jenkins-1.542
jenkins-1.543
jenkins-1.544
jenkins-1.545
jenkins-1.546
jenkins-1.547
jenkins-1.548
jenkins-1.549
jenkins-1.550
jenkins-1.551
jenkins-1.552
jenkins-1.553
jenkins-1.554
jenkins-1.555
jenkins-1.556
jenkins-1.557
jenkins-1.558
jenkins-1.559
jenkins-1.560
jenkins-1.561
jenkins-1.562
jenkins-1.563
jenkins-1.564
jenkins-1.565
jenkins-1.566
jenkins-1.567
jenkins-1.568
jenkins-1.569
jenkins-1.570
jenkins-1.571
jenkins-1.572
jenkins-1.573
jenkins-1.574
jenkins-1.575
jenkins-1.576
jenkins-1.577
jenkins-1.578
jenkins-1.579
jenkins-1.580
jenkins-1.580.1
jenkins-1.580.2
jenkins-1.580.3
jenkins-1.580.3-rc1
jenkins-1.581
jenkins-1.582
jenkins-1.583
jenkins-1.584
jenkins-1.585
jenkins-1.586
jenkins-1.587
jenkins-1.588
jenkins-1.589
jenkins-1.590
jenkins-1.591
jenkins-1.592
jenkins-1.593
jenkins-1.594
jenkins-1.595
jenkins-1.596
jenkins-1.596.1
jenkins-1.596.2
jenkins-1.596.2-rc1
jenkins-1.596.3
jenkins-1.597
jenkins-1.598
jenkins-1.599
jenkins-1.600
jenkins-1.601
jenkins-1.602
jenkins-1.604
jenkins-1.605
jenkins-1.606
jenkins-1.607
jenkins-1.608
jenkins-1.609
jenkins-1.609.1
jenkins-1.609.1-rc1
jenkins-1.609.2
jenkins-1.609.2-rc1
jenkins-1.609.3
jenkins-1.610
jenkins-1.611
jenkins-1.612
jenkins-1.613
jenkins-1.614
jenkins-1.615
jenkins-1.616
jenkins-1.617
jenkins-1.618
jenkins-1.619
jenkins-1.620
jenkins-1.621
jenkins-1.622
jenkins-1.623
jenkins-1.624
jenkins-1.625
jenkins-1.625.1
jenkins-1.625.1-rc1
jenkins-1.625.1-rc2
jenkins-1.625.2
jenkins-1.625.2-rc1
jenkins-1.625.3
jenkins-1.625.3-rc1
jenkins-1.625.3-rc2
jenkins-1.626
jenkins-1.627
jenkins-1.628
jenkins-1.629
jenkins-1.630
jenkins-1.631
jenkins-1.632
jenkins-1.633
jenkins-1.634
jenkins-1.635
jenkins-1.636
jenkins-1.637
jenkins-1.638
jenkins-1.639
jenkins-1.640
jenkins-1.641
jenkins-1.642
jenkins-1.642.1
jenkins-1.642.1-rc1
jenkins-1.642.2
jenkins-1.642.2-rc1
jenkins-1.642.3
jenkins-1.643
jenkins-1.644
jenkins-1.645
jenkins-1.646
jenkins-1.647
jenkins-1.648
jenkins-1.649
jenkins-1.650
jenkins-1.651
jenkins-1.651.1
jenkins-1.651.2
jenkins-1.651.3
jenkins-1.652
jenkins-1.653
jenkins-1.654
jenkins-1.655
jenkins-1.656
jenkins-2.*
jenkins-2.0
jenkins-2.0-alpha-1
jenkins-2.0-alpha-2
jenkins-2.0-alpha-3
jenkins-2.0-alpha-4
jenkins-2.0-beta-1
jenkins-2.0-beta-2
jenkins-2.0-rc-1
jenkins-2.1
jenkins-2.10
jenkins-2.100
jenkins-2.101
jenkins-2.102
jenkins-2.103
jenkins-2.104
jenkins-2.105
jenkins-2.106
jenkins-2.107
jenkins-2.107.1
jenkins-2.107.2
jenkins-2.107.3
jenkins-2.108
jenkins-2.109
jenkins-2.11
jenkins-2.110
jenkins-2.111
jenkins-2.112
jenkins-2.113
jenkins-2.114
jenkins-2.115
jenkins-2.116
jenkins-2.117
jenkins-2.118
jenkins-2.119
jenkins-2.12
jenkins-2.120
jenkins-2.121
jenkins-2.121.1
jenkins-2.121.2
jenkins-2.121.3
jenkins-2.122
jenkins-2.124
jenkins-2.125
jenkins-2.126
jenkins-2.127
jenkins-2.128
jenkins-2.129
jenkins-2.13
jenkins-2.130
jenkins-2.131
jenkins-2.132
jenkins-2.133
jenkins-2.134
jenkins-2.135
jenkins-2.136
jenkins-2.137
jenkins-2.138
jenkins-2.138.1
jenkins-2.138.2
jenkins-2.138.3
jenkins-2.138.4
jenkins-2.14
jenkins-2.140
jenkins-2.141
jenkins-2.142
jenkins-2.143
jenkins-2.144
jenkins-2.145
jenkins-2.146
jenkins-2.147
jenkins-2.148
jenkins-2.149
jenkins-2.15
jenkins-2.150
jenkins-2.150.1
jenkins-2.150.2
jenkins-2.150.3
jenkins-2.151
jenkins-2.152
jenkins-2.153
jenkins-2.154
jenkins-2.155
jenkins-2.156
jenkins-2.157
jenkins-2.158
jenkins-2.159
jenkins-2.16
jenkins-2.160
jenkins-2.161
jenkins-2.162
jenkins-2.163
jenkins-2.164
jenkins-2.164.1
jenkins-2.164.2
jenkins-2.164.3
jenkins-2.165
jenkins-2.166
jenkins-2.167
jenkins-2.168
jenkins-2.169
jenkins-2.17
jenkins-2.170
jenkins-2.171
jenkins-2.172
jenkins-2.173
jenkins-2.174
jenkins-2.175
jenkins-2.176
jenkins-2.176.1
jenkins-2.176.2
jenkins-2.176.3
jenkins-2.176.4
jenkins-2.177
jenkins-2.178
jenkins-2.179
jenkins-2.18
jenkins-2.180
jenkins-2.181
jenkins-2.182
jenkins-2.183
jenkins-2.184
jenkins-2.185
jenkins-2.186
jenkins-2.187
jenkins-2.189
jenkins-2.19
jenkins-2.19.1
jenkins-2.19.2
jenkins-2.19.3
jenkins-2.19.4
jenkins-2.190
jenkins-2.190.1
jenkins-2.190.2
jenkins-2.190.3
jenkins-2.191
jenkins-2.192
jenkins-2.193
jenkins-2.194
jenkins-2.195
jenkins-2.196
jenkins-2.197
jenkins-2.198
jenkins-2.199
jenkins-2.2
jenkins-2.20
jenkins-2.200
jenkins-2.201
jenkins-2.202
jenkins-2.203
jenkins-2.204
jenkins-2.204.1
jenkins-2.204.2
jenkins-2.204.3
jenkins-2.204.4
jenkins-2.204.5
jenkins-2.204.6
jenkins-2.205
jenkins-2.206
jenkins-2.207
jenkins-2.208
jenkins-2.209
jenkins-2.21
jenkins-2.210
jenkins-2.211
jenkins-2.212
jenkins-2.213
jenkins-2.214
jenkins-2.215
jenkins-2.216
jenkins-2.217
jenkins-2.218
jenkins-2.219
jenkins-2.22
jenkins-2.220
jenkins-2.221
jenkins-2.222
jenkins-2.222.1
jenkins-2.222.3
jenkins-2.222.4
jenkins-2.223
jenkins-2.224
jenkins-2.225
jenkins-2.226
jenkins-2.227
jenkins-2.228
jenkins-2.229
jenkins-2.23
jenkins-2.230
jenkins-2.231
jenkins-2.232
jenkins-2.233
jenkins-2.234
jenkins-2.235
jenkins-2.235.1
jenkins-2.235.2
jenkins-2.235.3
jenkins-2.236
jenkins-2.237
jenkins-2.238
jenkins-2.239
jenkins-2.24
jenkins-2.240
jenkins-2.241
jenkins-2.242
jenkins-2.243
jenkins-2.244
jenkins-2.245
jenkins-2.246
jenkins-2.247
jenkins-2.248
jenkins-2.249
jenkins-2.25
jenkins-2.250
jenkins-2.251
jenkins-2.252
jenkins-2.253
jenkins-2.254
jenkins-2.255
jenkins-2.256
jenkins-2.257
jenkins-2.258
jenkins-2.259
jenkins-2.26
jenkins-2.260
jenkins-2.261
jenkins-2.262
jenkins-2.263
jenkins-2.264
jenkins-2.265
jenkins-2.266
jenkins-2.267
jenkins-2.268
jenkins-2.269
jenkins-2.27
jenkins-2.270
jenkins-2.271
jenkins-2.272
jenkins-2.273
jenkins-2.274
jenkins-2.275
jenkins-2.276
jenkins-2.277
jenkins-2.278
jenkins-2.279
jenkins-2.28
jenkins-2.280
jenkins-2.281
jenkins-2.282
jenkins-2.283
jenkins-2.284
jenkins-2.285
jenkins-2.286
jenkins-2.287
jenkins-2.288
jenkins-2.289
jenkins-2.29
jenkins-2.290
jenkins-2.291
jenkins-2.292
jenkins-2.293
jenkins-2.294
jenkins-2.295
jenkins-2.296
jenkins-2.297
jenkins-2.298
jenkins-2.299
jenkins-2.3
jenkins-2.30
jenkins-2.300
jenkins-2.301
jenkins-2.302
jenkins-2.303
jenkins-2.304
jenkins-2.305
jenkins-2.306
jenkins-2.307
jenkins-2.308
jenkins-2.309
jenkins-2.31
jenkins-2.310
jenkins-2.311
jenkins-2.312
jenkins-2.313
jenkins-2.314
jenkins-2.315
jenkins-2.316
jenkins-2.317
jenkins-2.318
jenkins-2.319
jenkins-2.319.1
jenkins-2.319.1-rc
jenkins-2.319.2
jenkins-2.319.2-rc
jenkins-2.32
jenkins-2.32.1
jenkins-2.32.2
jenkins-2.32.3
jenkins-2.33
jenkins-2.34
jenkins-2.35
jenkins-2.36
jenkins-2.37
jenkins-2.38
jenkins-2.39
jenkins-2.4
jenkins-2.40
jenkins-2.41
jenkins-2.42
jenkins-2.43
jenkins-2.44
jenkins-2.45
jenkins-2.46
jenkins-2.46.1
jenkins-2.46.2
jenkins-2.46.3
jenkins-2.47
jenkins-2.48
jenkins-2.49
jenkins-2.5
jenkins-2.50
jenkins-2.51
jenkins-2.52
jenkins-2.53
jenkins-2.54
jenkins-2.55
jenkins-2.56
jenkins-2.57
jenkins-2.58
jenkins-2.59
jenkins-2.6
jenkins-2.60
jenkins-2.60.1
jenkins-2.60.2
jenkins-2.60.3
jenkins-2.61
jenkins-2.62
jenkins-2.63
jenkins-2.64
jenkins-2.65
jenkins-2.66
jenkins-2.67
jenkins-2.68
jenkins-2.69
jenkins-2.7
jenkins-2.7.1
jenkins-2.7.2
jenkins-2.7.3
jenkins-2.7.4
jenkins-2.70
jenkins-2.71
jenkins-2.72
jenkins-2.73
jenkins-2.73.1
jenkins-2.73.2
jenkins-2.73.3
jenkins-2.74
jenkins-2.75
jenkins-2.76
jenkins-2.77
jenkins-2.78
jenkins-2.79
jenkins-2.8
jenkins-2.80
jenkins-2.81
jenkins-2.82
jenkins-2.83
jenkins-2.84
jenkins-2.85
jenkins-2.86
jenkins-2.87
jenkins-2.88
jenkins-2.89
jenkins-2.89.1
jenkins-2.89.2
jenkins-2.89.3
jenkins-2.89.4
jenkins-2.9
jenkins-2.90
jenkins-2.91
jenkins-2.92
jenkins-2.93
jenkins-2.94
jenkins-2.95
jenkins-2.96
jenkins-2.97
jenkins-2.98
jenkins-2.99
prototype-1.*
prototype-1.5.1.1
prototype-1.7
Git / github.com/x-stream/xstream
Affected ranges
- Type
- GIT
- Repo
- https://github.com/x-stream/xstream
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
XSTREAM_1_4_10
XSTREAM_1_4_11
XSTREAM_1_4_11_1
XSTREAM_1_4_12
XSTREAM_1_4_13
XSTREAM_1_4_14
XSTREAM_1_4_15
XSTREAM_1_4_16
XSTREAM_1_4_17
XSTREAM_1_4_18
XSTREAM_1_4_5
XSTREAM_1_4_9
Database specific
vanir_signatures
[
{
"id": "CVE-2021-43859-29d87ff6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "55566688760790417229342517075763677048",
"length": 181.0
},
"target": {
"file": "xstream/src/test/com/thoughtworks/acceptance/SecurityVulnerabilityTest.java",
"function": "testInstanceOfVoid"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-3b92b93a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "261717738691877522929827956336707666449",
"length": 158.0
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/converters/collections/CollectionConverter.java",
"function": "addCurrentElementToCollection"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-42b4ae14",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "17231138287832600381894592100287068069",
"length": 381.0
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/core/TreeUnmarshaller.java",
"function": "convert"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-43f10a94",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "220166040034801707177840403453687177859",
"length": 650.0
},
"target": {
"file": "xstream/src/test/com/thoughtworks/acceptance/SecurityVulnerabilityTest.java",
"function": "testCannotInjectEventHandler"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-48fd1814",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"37669725065981372541361920149060037669",
"1754229239276929498699274070455340911",
"41982352291054190134426946505239413600",
"339132426552016436555085584248404447229",
"281190335896921026067654418042948691705",
"101836451350065470669588115209640466933",
"170069226330896549956587004495602417294",
"175405664480641811482846628989242555461",
"308344043568311556500843217578373648934",
"214661633136529325303486917787961611567",
"57524199966063753519088560374134026781",
"63361542330210864932936498280080202040",
"121377978789604838791055385342124703054",
"120564178264636159261842547107268022221",
"280309282135332622366291820899588071183",
"116140396242623306064878654562145661014",
"228659153108235947882753463685898110017",
"253465008515736530894371217708547114895",
"47604041726619113582236911670478212984",
"157827691179106628380218623395528602742",
"299357159731611816879190520786090623494",
"263325449489108397308033639618897227089",
"195855868307017984720518213082419999218",
"157827691179106628380218623395528602742",
"56570557617033010041633030400660432580",
"266269599569454697175169268514228635384"
],
"threshold": 0.9
},
"target": {
"file": "xstream/src/test/com/thoughtworks/acceptance/SecurityVulnerabilityTest.java"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-59287a06",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "158675721028694727290893110113569592667",
"length": 372.0
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/XStream.java",
"function": "unmarshal"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-827b0ed4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "86104287393050438777889317149321611565",
"length": 219.0
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/converters/collections/MapConverter.java",
"function": "putCurrentEntryIntoMap"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-840ebf27",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"47133092775335648767215388072869838081",
"72897891070941714057763968897150290546",
"204876188397446628625129180757218716667",
"183977537466193036774603040383124982900",
"108738211081595398246856293798472960621",
"17550906770456504535387592149065180578",
"160816637933070719777862874531377453485",
"131320530687662887544912643709547885866",
"79469178477997099640743731152801113345"
],
"threshold": 0.9
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/converters/extended/NamedMapConverter.java"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-9f4d057d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"7616263090923437985525346265549616761",
"211219839203299185987365307554810409985",
"73721228261296255058296875540290052237",
"239913871774152437040395752063489313149",
"117725265296903224689269951407431455617",
"126617756455122379474158532832345634375",
"158235987049869476657084451570586380240",
"314118849962306354916524331560040293068",
"96433297052028480260787407611872064849",
"325820611125133184921877174183212096326",
"275047211673991781190008335997426805456",
"251899931567808305004438430281872370011",
"177754559542579598598790658770667215612",
"118738670761640002657491233549629791713",
"71362147945938633015783245649742152827",
"239637841955745921799253626664476578801",
"136908090792826903881571180858786345652",
"226208401357142230571642567540990195204",
"5923312382624037816122342231039016977",
"256450194889914305419909032943252724007",
"209578339882724276781126381994571211439",
"207821519896740168085970131722419024131",
"89998112668629298309028616244523277223",
"257848222184230265269703082711942417201",
"231035764628361720499571828605484840546",
"48705185870131617258729178622391399075",
"334353687146338771572110171878246600462",
"164655022164759611606439376066928116229",
"38013853609415735731977596616628687320"
],
"threshold": 0.9
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/XStream.java"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-ad6928e4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "228474360994162782889542199712320720945",
"length": 1357.0
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/converters/extended/NamedMapConverter.java",
"function": "populateMap"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-ad72fdf2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"67983786004786075010774811532640513342",
"155251688185425872193164153142665759940",
"180982352636348001737525535511897856621",
"291635795756997543440780842469637458131",
"100411840036841395080916223528854409368",
"45659907922294160967612934064248224018",
"31472221394269137905746344083408247215",
"88563598898606841684968123180300453216"
],
"threshold": 0.9
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/converters/collections/MapConverter.java"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-b91b8836",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"185869447222012862197413743734267332963",
"274937438635320053675547534042926965660",
"212113714018905300703044115447665097447",
"315082099377130877878551267537102060517",
"322595832639141750214961352993266288428",
"288516566081390833032506510066468270740",
"6674929763605018183272915908570643204",
"256753108423566523410138376942892651005"
],
"threshold": 0.9
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/converters/collections/CollectionConverter.java"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-ccb9a04c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"136451740817690776813850310762997082518",
"105753953192027108849418635246114421000",
"118882738501084926826075990972404281301",
"212020063483191151362987575288808695462",
"287333414921625036090543832290154043373",
"9891789946521726045761755493407333519",
"5559154755073053156556721280319387054",
"238112864466872781268528486106920449733"
],
"threshold": 0.9
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/core/TreeUnmarshaller.java"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-cf16e600",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "11964886622017048364241710368819996484",
"length": 219.0
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/XStream.java",
"function": "readFromStream"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-df4b16d4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "12709619694192487888878944821281014679",
"length": 873.0
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/XStream.java",
"function": "createObjectInputStream"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-e2dd41b1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "253499341416318301251134402216259344937",
"length": 401.0
},
"target": {
"file": "xstream/src/test/com/thoughtworks/acceptance/SecurityVulnerabilityTest.java",
"function": "testCannotUseJaxwsInputStreamToDeleteFile"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"id": "CVE-2021-43859-f898dd1d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"302436115647464791492807424592955265526",
"20337160572719266553945974133231939115",
"100606639916437884206076948162615070323"
],
"threshold": 0.9
},
"target": {
"file": "xstream/src/java/com/thoughtworks/xstream/security/ForbiddenClassException.java"
},
"source": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
}
]