CVE-2021-28117

Опубликовано: 20 мар. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)

Ссылки

https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356
Patch
https://github.com/KDE/discover/releases
Third Party Advisory
https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60
Patch
Third Party Advisory
https://kde.org/info/security/advisory-20210310-1.txt
Patch
Vendor Advisory
https://userbase.kde.org/Discover
Product
Vendor Advisory
https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356
Patch
https://github.com/KDE/discover/releases
Third Party Advisory
https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60
Patch
Third Party Advisory
https://kde.org/info/security/advisory-20210310-1.txt
Patch
Vendor Advisory
https://userbase.kde.org/Discover
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kde:discover:*:*:*:*:*:*:*:*

Версия до 5.21.3 (исключая)

EPSS

Процентиль: 72%

0.00706

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-28117

CVSS3: 7.5

ubuntu

почти 5 лет назад

CVE-2021-28117

CVSS3: 7.5

debian

почти 5 лет назад

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before ...

GHSA-vr8p-gg49-j8hx

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 72%

0.00706

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo