VDB
CVE-2021-28117
CVE-2021-28117
PUBLISHED
CVSS 5 MEDIUM
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
EPSS 0.70% · 72.3th percentile
Risk Scores
CVSS v2.0
5
EPSS Score
0.70%
72.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| kde | discover | 0 |
| n/a | n/a | n/a |
Timeline
- Mar 20, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://userbase.kde.org/Discover url
- https://github.com/KDE/discover/releases url
- https://kde.org/info/security/advisory-20210310-1.txt url
- https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60 url
- https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-28117 advisory