Vulnerability details: VCID-r32d-wxg1-aaap
Vulnerability ID VCID-r32d-wxg1-aaap
Aliases BIT-2021-31542
BIT-django-2021-31542
CVE-2021-31542
GHSA-rxjp-mfm9-w4wr
PYSEC-2021-7
Summary In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31542.html
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4702
rhas Moderate https://access.redhat.com/errata/RHSA-2021:5070
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json
epss 0.00200 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.02488 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.03109 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.03793 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.03874 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.04357 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.04711 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
epss 0.06805 https://api.first.org/data/v1/epss?cve=CVE-2021-31542
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1954294
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542
cvssv3.1 7.3 https://docs.djangoproject.com/en/3.2/releases/security
generic_textual HIGH https://docs.djangoproject.com/en/3.2/releases/security
generic_textual Medium https://docs.djangoproject.com/en/3.2/releases/security/
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-rxjp-mfm9-w4wr
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 7.5 https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d
generic_textual HIGH https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d
cvssv3.1 7.5 https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48
generic_textual HIGH https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48
cvssv3.1 7.5 https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007
generic_textual HIGH https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml
cvssv3.1 3.7 https://groups.google.com/forum/#%21forum/django-announce
generic_textual MODERATE https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1 7.5 https://groups.google.com/forum/#!forum/django-announce
generic_textual HIGH https://groups.google.com/forum/#!forum/django-announce
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2021-31542
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31542
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31542
archlinux Low https://security.archlinux.org/AVG-1910
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20210618-0001
generic_textual HIGH https://security.netapp.com/advisory/ntap-20210618-0001
generic_textual Medium https://ubuntu.com/security/notices/USN-4932-1
generic_textual Medium https://ubuntu.com/security/notices/USN-4932-2
cvssv3.1 7.5 https://www.djangoproject.com/weblog/2021/may/04/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2021/may/04/security-releases
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2021/05/04/3
generic_textual HIGH http://www.openwall.com/lists/oss-security/2021/05/04/3
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31542.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json
https://api.first.org/data/v1/epss?cve=CVE-2021-31542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542
https://docs.djangoproject.com/en/3.2/releases/security
https://docs.djangoproject.com/en/3.2/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d
https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48
https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml
https://groups.google.com/forum/#%21forum/django-announce
https://groups.google.com/forum/#!forum/django-announce
https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
https://security.netapp.com/advisory/ntap-20210618-0001
https://security.netapp.com/advisory/ntap-20210618-0001/
https://ubuntu.com/security/notices/USN-4932-1
https://ubuntu.com/security/notices/USN-4932-2
https://www.djangoproject.com/weblog/2021/may/04/security-releases
https://www.djangoproject.com/weblog/2021/may/04/security-releases/
http://www.openwall.com/lists/oss-security/2021/05/04/3
1954294 https://bugzilla.redhat.com/show_bug.cgi?id=1954294
988053 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053
AVG-1910 https://security.archlinux.org/AVG-1910
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVE-2021-31542 https://nvd.nist.gov/vuln/detail/CVE-2021-31542
GHSA-rxjp-mfm9-w4wr https://github.com/advisories/GHSA-rxjp-mfm9-w4wr
RHSA-2021:4702 https://access.redhat.com/errata/RHSA-2021:4702
RHSA-2021:5070 https://access.redhat.com/errata/RHSA-2021:5070
USN-4932-1 https://usn.ubuntu.com/4932-1/
USN-4932-2 https://usn.ubuntu.com/4932-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://docs.djangoproject.com/en/3.2/releases/security

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/forum/#%21forum/django-announce

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/django-announce

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-31542

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-31542

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20210618-0001

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.djangoproject.com/weblog/2021/may/04/security-releases

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2021/05/04/3

Exploit Prediction Scoring System (EPSS)
Percentile 0.57649
EPSS Score 0.00200
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.