CVE-2021-21344

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-21344
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21344.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21344
Aliases
Downstream
Related
Published
2021-03-23T00:15:12.677Z
Modified
2026-03-10T23:29:58.759270890Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

References

Affected packages

Git / github.com/apache/activemq

Affected ranges

Type
GIT
Repo
https://github.com/apache/activemq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a0d4141a00ba5de4afaee160836898b41eb28065
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
86dd78b1aa64cbf0af15669c0e4af62dfae0d158
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e432a78c19e9c30b5afd84e591a428734ad55431
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.15.14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.16.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.16.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/apache/jmeter
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7153c74dd0e860d0ca3825cc5a23e976e0242b6e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
527c12ed611f3fe072c3043734319edb2c733099
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0f460bd66c81c74c167595bedf9531585dc38684
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2f280d1bf1163dd9e9d42ceefa2fed8626bd79ab
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
34c7f5794e2821c73824ad939284dc9a5b93b8cd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0ed6d65f4c60a38e77a672fc528efd3f44bc7701
Introduced
270fd3411e3d671a73ed9725940a30080f59ce6d
Last affected
3290a66c89eb1625a7058e0ef732432b6952b435
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.7.36"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.27"
        }
    ]
}
Type
GIT
Repo
https://github.com/x-stream/xstream
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3dd9cc610199802e4f13bd49b02a9f99adaba145
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.16"
        }
    ]
}

Affected versions

5.*
5.2-rc4
Other
XSTREAM_1_4_10
XSTREAM_1_4_11
XSTREAM_1_4_11_1
XSTREAM_1_4_12
XSTREAM_1_4_13
XSTREAM_1_4_14
XSTREAM_1_4_15
XSTREAM_1_4_5
XSTREAM_1_4_9
v5_2_RC1
activemq-5.*
activemq-5.10.0
activemq-5.11.0
activemq-5.12.0
activemq-5.13.0
activemq-5.14.0
activemq-5.15.0
activemq-5.16.0
activemq-5.9.0
mysql-5.*
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
mysql-5.5.63
mysql-5.6.33
mysql-5.6.34
mysql-5.6.35
mysql-5.6.36
mysql-5.6.37
mysql-5.6.38
mysql-5.6.39
mysql-5.6.40
mysql-5.6.41
mysql-5.6.42
mysql-5.6.43
mysql-5.6.45
mysql-5.6.46
mysql-5.6.47
mysql-5.6.48
mysql-5.6.49
mysql-5.6.50
mysql-5.6.51
mysql-5.7-22-ndb-7.6.6
mysql-5.7.15
mysql-5.7.16
mysql-5.7.17
mysql-5.7.18
mysql-5.7.19
mysql-5.7.20
mysql-5.7.21
mysql-5.7.22
mysql-5.7.24
mysql-5.7.25
mysql-5.7.26
mysql-5.7.27
mysql-5.7.28
mysql-5.7.29
mysql-5.7.30
mysql-5.7.31
mysql-5.7.32
mysql-5.7.33
mysql-5.7.34
mysql-5.7.35
mysql-5.7.36
mysql-5.7.37
mysql-5.7.38
mysql-5.7.39
mysql-5.7.40
mysql-5.7.40-testing
mysql-5.7.41
mysql-5.7.42
mysql-5.7.43
mysql-5.7.44
mysql-8.*
mysql-8.0.0
mysql-8.0.1
mysql-8.0.11
mysql-8.0.12
mysql-8.0.13
mysql-8.0.14
mysql-8.0.15
mysql-8.0.16
mysql-8.0.17
mysql-8.0.18
mysql-8.0.19
mysql-8.0.2
mysql-8.0.20
mysql-8.0.21
mysql-8.0.22
mysql-8.0.23
mysql-8.0.24
mysql-8.0.25
mysql-8.0.26
mysql-8.0.27
mysql-8.0.28
mysql-8.0.29
mysql-8.0.3
mysql-8.0.30
mysql-8.0.31
mysql-8.0.32
mysql-8.0.33
mysql-8.0.34
mysql-8.0.35
mysql-8.0.36
mysql-8.0.37
mysql-8.0.4
mysql-8.1.0
mysql-8.2.0
mysql-8.3.0
mysql-8.4.0
mysql-9.*
mysql-9.0.0
mysql-9.0.0-release
mysql-cluster-7.*
mysql-cluster-7.2.24
mysql-cluster-7.2.25
mysql-cluster-7.2.26
mysql-cluster-7.2.27
mysql-cluster-7.2.28
mysql-cluster-7.2.29
mysql-cluster-7.2.30
mysql-cluster-7.2.31
mysql-cluster-7.2.32
mysql-cluster-7.2.33
mysql-cluster-7.2.34
mysql-cluster-7.2.35
mysql-cluster-7.2.37
mysql-cluster-7.2.38
mysql-cluster-7.2.39
mysql-cluster-7.2.40
mysql-cluster-7.3.13
mysql-cluster-7.3.14
mysql-cluster-7.3.15
mysql-cluster-7.3.16
mysql-cluster-7.3.17
mysql-cluster-7.3.18
mysql-cluster-7.3.19
mysql-cluster-7.3.20
mysql-cluster-7.3.21
mysql-cluster-7.3.22
mysql-cluster-7.3.23
mysql-cluster-7.3.24
mysql-cluster-7.3.25
mysql-cluster-7.3.26
mysql-cluster-7.3.27
mysql-cluster-7.3.28
mysql-cluster-7.3.29
mysql-cluster-7.3.30
mysql-cluster-7.3.31
mysql-cluster-7.3.33
mysql-cluster-7.4.11
mysql-cluster-7.4.12
mysql-cluster-7.4.13
mysql-cluster-7.4.14
mysql-cluster-7.4.15
mysql-cluster-7.4.16
mysql-cluster-7.4.17
mysql-cluster-7.4.18
mysql-cluster-7.4.19
mysql-cluster-7.4.20
mysql-cluster-7.4.21
mysql-cluster-7.4.23
mysql-cluster-7.4.24
mysql-cluster-7.4.25
mysql-cluster-7.4.26
mysql-cluster-7.4.27
mysql-cluster-7.4.28
mysql-cluster-7.4.29
mysql-cluster-7.4.30
mysql-cluster-7.4.32
mysql-cluster-7.4.33
mysql-cluster-7.4.34
mysql-cluster-7.4.35
mysql-cluster-7.4.36
mysql-cluster-7.4.37
mysql-cluster-7.4.38
mysql-cluster-7.4.39
mysql-cluster-7.5.1
mysql-cluster-7.5.10
mysql-cluster-7.5.11
mysql-cluster-7.5.12
mysql-cluster-7.5.13
mysql-cluster-7.5.14
mysql-cluster-7.5.15
mysql-cluster-7.5.16
mysql-cluster-7.5.17
mysql-cluster-7.5.18
mysql-cluster-7.5.19
mysql-cluster-7.5.2
mysql-cluster-7.5.20
mysql-cluster-7.5.21
mysql-cluster-7.5.23
mysql-cluster-7.5.24
mysql-cluster-7.5.25
mysql-cluster-7.5.26
mysql-cluster-7.5.27
mysql-cluster-7.5.28
mysql-cluster-7.5.29
mysql-cluster-7.5.3
mysql-cluster-7.5.30
mysql-cluster-7.5.31
mysql-cluster-7.5.32
mysql-cluster-7.5.33
mysql-cluster-7.5.34
mysql-cluster-7.5.4
mysql-cluster-7.5.5
mysql-cluster-7.5.6
mysql-cluster-7.5.7
mysql-cluster-7.5.8
mysql-cluster-7.5.9
mysql-cluster-7.6.10
mysql-cluster-7.6.11
mysql-cluster-7.6.12
mysql-cluster-7.6.13
mysql-cluster-7.6.14
mysql-cluster-7.6.15
mysql-cluster-7.6.16
mysql-cluster-7.6.17
mysql-cluster-7.6.19
mysql-cluster-7.6.2
mysql-cluster-7.6.20
mysql-cluster-7.6.22
mysql-cluster-7.6.23
mysql-cluster-7.6.24
mysql-cluster-7.6.25
mysql-cluster-7.6.26
mysql-cluster-7.6.27
mysql-cluster-7.6.28
mysql-cluster-7.6.29
mysql-cluster-7.6.3
mysql-cluster-7.6.30
mysql-cluster-7.6.4
mysql-cluster-7.6.5
mysql-cluster-7.6.6
mysql-cluster-7.6.7
mysql-cluster-7.6.8
mysql-cluster-7.6.9
mysql-cluster-8.*
mysql-cluster-8.0.16
mysql-cluster-8.0.18
mysql-cluster-8.0.19
mysql-cluster-8.0.20
mysql-cluster-8.0.21
mysql-cluster-8.0.22
mysql-cluster-8.0.23
mysql-cluster-8.0.24
mysql-cluster-8.0.25
mysql-cluster-8.0.26
mysql-cluster-8.0.27
mysql-cluster-8.0.28
mysql-cluster-8.0.29
mysql-cluster-8.0.30
mysql-cluster-8.0.31
mysql-cluster-8.0.32
mysql-cluster-8.0.33
mysql-cluster-8.0.34
mysql-cluster-8.0.35
mysql-cluster-8.0.36
mysql-cluster-8.0.37
mysql-cluster-8.1.0
mysql-cluster-8.2.0
mysql-cluster-8.3.0
mysql-cluster-8.4.0
mysql-cluster-9.*
mysql-cluster-9.0.0
rel/v5.*
rel/v5.2
rel/v5.2.1
rel/v5.3
rel/v5.4
rel/v5.4.1
v5.*
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2.1-rc1
v5.2.1-rc4
v5.2.1-rc5
v5.3-rc1
v5.4-rc1
v5.4-rc2
v5.4.1-rc1
v5.4.1-rc2
v5.5-rc1
v5.5-rc2

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.12.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.7.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.12.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.5.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.1.1.9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.5.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "17.0.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.1.1.9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21344.json"