How severe is CVE-2021-39150?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.5 out of 10.

What type of vulnerability is CVE-2021-39150?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2021-39150 - HIGH Severity | CVSS 8.5

Vulnerability Description

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.

Related Vulnerabilities

CVE-2021-39152

HIGH

CVSS:8.5(High)

CWE-5022021

CVE-2024-32603

HIGH

CVSS:8.5(High)

Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.20.

CWE-5022024

CVE-2024-32876

HIGH

CVSS:8.5(High)

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.1...

CWE-5022024

CVE-2024-3301

HIGH

CVSS:8.5(High)

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.

CWE-5022024

CVE-2024-35780

HIGH

CVSS:8.5(High)

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.

CWE-5022024

CVE-2025-27925

HIGH

CVSS:8.5(High)

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.

CWE-5022025