XStream.ServiceNameIterator.CVE-2021-21349.SSRF
Description
This indicates an attack attempt to exploit a Server-Side Request Forgery Vulnerability in XStream.
The vulnerability is due to improper sanitizing of unmarshalled xml stream data. A remote attacker can exploit this to inject or replace objects in the processed input stream.
Affected Products
XStream 1.4.15 or below
Impact
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |