{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T09:57:45.017","vulnerabilities":[{"cve":{"id":"CVE-2021-39140","sourceIdentifier":"security-advisories@github.com","published":"2021-08-23T19:15:10.440","lastModified":"2025-05-23T16:50:34.143","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose."},{"lang":"es","value":"XStream es una sencilla biblioteca para serializar objetos a XML y viceversa. En las versiones afectadas, esta vulnerabilidad puede permitir a un atacante remoto asignar el 100% del tiempo de la CPU en el sistema de destino, dependiendo del tipo de CPU o de una ejecución en paralelo de dicha carga útil, resultando en una denegación de servicio sólo al manipular el flujo de entrada procesado. No está afectado ningún usuario que haya seguido la recomendación de configurar el framework de seguridad de XStream con una lista blanca limitada a los tipos mínimos necesarios. XStream versión 1.4.18 ya no usa una lista negra por defecto, ya que no puede ser asegurada para fines generales."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:N/A:C","baseScore":6.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"},{"lang":"en","value":"CWE-835"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"},{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.18","matchCriteriaId":"A01843B3-11E1-4CD5-9C77-CC57B908B845"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*","matchCriteriaId":"26A2B713-7D6D-420A-93A4-E0D983C983DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*","matchCriteriaId":"64DE38C8-94F1-4860-B045-F33928F676A8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"BA8461A2-428C-4817-92A9-0C671545698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*","matchCriteriaId":"2A3622F5-5976-4BBC-A147-FC8A6431EA79"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*","matchCriteriaId":"5A9E4125-B744-4A9D-BFE6-5D82939958FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*","matchCriteriaId":"261212BD-125A-487F-97E8-A9587935DFE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"A4CA84D6-F312-4C29-A02B-050FCB7A902B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"B6B6FE82-7BFA-481D-99D6-789B146CA18B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*","matchCriteriaId":"4479F76A-4B67-41CC-98C7-C76B81050F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*","matchCriteriaId":"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*","matchCriteriaId":"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"539DA24F-E3E0-4455-84C6-A9D96CD601B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A7637F8B-15F1-42E2-BE18-E1FF7C66587D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*","matchCriteriaId":"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*","matchCriteriaId":"490B2C44-CECD-4551-B04F-4076D0E053C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*","matchCriteriaId":"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*","matchCriteriaId":"48EFC111-B01B-4C34-87E4-D6B2C40C0122"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*","matchCriteriaId":"073FEA23-E46A-4C73-9D29-95CFF4F5A59D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A69FB468-EAF3-4E67-95E7-DF92C281C1F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*","matchCriteriaId":"5435B365-BFF3-4A9E-B45C-42D8F1E20FB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*","matchCriteriaId":"1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.3.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"900521A0-453C-4D97-B5EB-BADF0245370D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*","matchCriteriaId":"8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3F906F04-39E4-4BE4-8A73-9D058AAADB43"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7B393A82-476A-4270-A903-38ED4169E431"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*","matchCriteriaId":"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A3ED272C-A545-4F8C-86C0-2736B3F2DCAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D6A4F71A-4269-40FC-8F61-1D1301F2B728"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"}]}]}],"references":[{"url":"https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20210923-0003/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-5004","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://x-stream.github.io/CVE-2021-39140.html","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20210923-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-5004","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://x-stream.github.io/CVE-2021-39140.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}