How severe is CVE-2021-39144?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.5 out of 10.

What type of vulnerability is CVE-2021-39144?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2021-39144 - HIGH Severity | CVSS 8.5

Vulnerability Description

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

Related Vulnerabilities

CVE-2020-15147

HIGH

CVSS:8.5(High)

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inj...

CWE-942020

CVE-2023-22513

HIGH

CVSS:8.5(High)

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8...

CWE-942023

CVE-2024-21513

HIGH

CVSS:8.5(High)

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' o...

CWE-942024

CVE-2024-27191

HIGH

CVSS:8.5(High)

Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2.

CWE-942024

CVE-2024-34761

HIGH

CVSS:8.5(High)

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection...

CWE-942024

CVE-2024-38651

HIGH

CVSS:8.5(High)

A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.

CWE-942024