https://db.gcve.eu/sightings/feedMost recent sightings.2026-06-06T06:08:59.150296+00:00Vulnerability-Lookupinfo@gcve.eupython-feedgenContains only the most 10 recent sightings.https://db.gcve.eu/sighting/038987a3-7c56-44d8-b656-526f8af73ddd/export038987a3-7c56-44d8-b656-526f8af73ddd2026-06-06T06:08:59.568867+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "038987a3-7c56-44d8-b656-526f8af73ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-RMR5-CPV2-VGJF", "type": "seen", "source": "https://t.me/arpsyndicate/3229", "content": "#ExploitObserverAlert\n\nCVE-2021-43859\n\nDESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to CVE-2021-43859. XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.\n\nFIRST-EPSS: 0.012320000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T06:16:41.000000Z"}2024-01-28T06:16:41+00:00