VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-1pw8-kzjs-aaah

Essentials
Severities (125)
References (46)
Severity details (34)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-1pw8-kzjs-aaah
Aliases	CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141
Summary	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1333	Inefficient Regular Expression Complexity
CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27291.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:0781
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:3252
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4139
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4150
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4151
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json
epss	0.00556	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00556	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00556	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00556	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.00958	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0252	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.0372	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
epss	0.06169	https://api.first.org/data/v1/epss?cve=CVE-2021-27291
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1940603
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
generic_textual	HIGH	https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-pq64-v7f5-gqh8
cvssv3.1	5.5	https://github.com/pygments/pygments
generic_textual	MODERATE	https://github.com/pygments/pygments
cvssv3.1	7.5	https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
generic_textual	HIGH	https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2021-27291
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-27291
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-27291
archlinux	Low	https://security.archlinux.org/AVG-1662
archlinux	Medium	https://security.archlinux.org/AVG-1775
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4897-1
cvssv3.1	7.5	https://www.debian.org/security/2021/dsa-4878
generic_textual	HIGH	https://www.debian.org/security/2021/dsa-4878
cvssv3.1	7.5	https://www.debian.org/security/2021/dsa-4889
generic_textual	HIGH	https://www.debian.org/security/2021/dsa-4889

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27291.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-27291
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
		https://github.com/pygments/pygments
		https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
		https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml
		https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html
		https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
		https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/
		https://ubuntu.com/security/notices/USN-4897-1
		https://www.debian.org/security/2021/dsa-4878
		https://www.debian.org/security/2021/dsa-4889
1940603		https://bugzilla.redhat.com/show_bug.cgi?id=1940603
985574		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574
AVG-1662		https://security.archlinux.org/AVG-1662
AVG-1775		https://security.archlinux.org/AVG-1775
cpe:2.3:a:pygments:pygments::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pygments:pygments::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
cpe:2.3:o:fedoraproject:fedora:33:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*
CVE-2021-27291		https://nvd.nist.gov/vuln/detail/CVE-2021-27291
GHSA-pq64-v7f5-gqh8		https://github.com/advisories/GHSA-pq64-v7f5-gqh8
RHSA-2021:0781		https://access.redhat.com/errata/RHSA-2021:0781
RHSA-2021:3252		https://access.redhat.com/errata/RHSA-2021:3252
RHSA-2021:4139		https://access.redhat.com/errata/RHSA-2021:4139
RHSA-2021:4150		https://access.redhat.com/errata/RHSA-2021:4150
RHSA-2021:4151		https://access.redhat.com/errata/RHSA-2021:4151
USN-4897-1		https://usn.ubuntu.com/4897-1/
USN-4897-2		https://usn.ubuntu.com/4897-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/pygments/pygments

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-27291

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-27291

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-27291

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2021/dsa-4878

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2021/dsa-4889

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.77453
EPSS Score	0.00556
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.