exploitDog

CVE-2021-39360

Опубликовано: 22 авг. 2021

Источник: debian

Описание

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libzapojit	unfixed			package
libzapojit	no-dsa		bullseye	package
libzapojit	no-dsa		buster	package
libzapojit	postponed		stretch	package

Примечания

https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4

Связанные уязвимости

CVE-2021-39360

CVSS3: 5.9

ubuntu

больше 4 лет назад

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVE-2021-39360

CVSS3: 7.5

redhat

больше 4 лет назад

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVE-2021-39360

CVSS3: 5.9

nvd

больше 4 лет назад

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

SUSE-SU-2022:3267-1

suse-cvrf

больше 3 лет назад

Security update for libzapojit

SUSE-SU-2022:3266-1

suse-cvrf

больше 3 лет назад

Security update for libzapojit