How severe is CVE-2021-21343?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-21343?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2021-21343 - HIGH Severity | CVSS 7.5

Vulnerability Description

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Related Vulnerabilities

CVE-2018-14820

HIGH

CVSS:7.5(High)

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

CWE-732018

CVE-2018-7495

HIGH

CVSS:7.5(High)

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce...

CWE-732018

CVE-2021-3845

HIGH

CVSS:7.5(High)

ws-scrcpy is vulnerable to External Control of File Name or Path

CWE-732021

CVE-2022-42732

HIGH

CVSS:7.5(High)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could...

CWE-732022

CVE-2022-42733

HIGH

CVSS:7.5(High)

CWE-732022

CVE-2022-42734

HIGH

CVSS:7.5(High)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that coul...

CWE-732022