Ubuntu Security Notice 6978-1 - It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files. Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream.
1afbcb0e189834043502262cef1e4fea8c4cb080deab88eb59b5f09c1040106a
Red Hat Security Advisory 2021-4918-03 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, privilege escalation, and server-side request forgery vulnerabilities.
d5c90a3e7232924ae6e8b38f5e9ef8c694af77ff921bcdb7b07c49f3c69e7068
Debian Linux Security Advisory 5004-1 - Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again.
e3aca8ca24ba1bae991a19b9c891853d3fde83ade3db51bc3a65a899cca8f0ac
Red Hat Security Advisory 2021-4767-01 - This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, deserialization, information leakage, resource exhaustion, and server-side request forgery vulnerabilities.
9dff15e298c722ad84d5f39cb4d850c04124d91986161bb1afd605f4e69d1c9d
Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
c7ecab2767572bcae7a835e6563b631e2de5bcbbf260dbcf564ddf63104b4342
Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
44f2a427aa38603abc596c8eab0bea14baf4d87b51fcd63235260362ce1b3c02
Red Hat Security Advisory 2021-2139-01 - Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, and server-side request forgery vulnerabilities.
26b79e23d99e81d46adcd853630427afc565a8681dad9bf539101220d92dd7b9
Ubuntu Security Notice 4943-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue only affected Ubuntu 20.10. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. Various other issues were also addressed.
dd998f8644e72fd98d617b4dba7e225b2de67f8f73e732f634c3bba0ec431eac