VDB

CVE-2021-3529

CVE-2021-3529 PUBLISHED CVSS 7.099999904632568 HIGH

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.

EPSS 0.22% · 45.3th percentile

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score
0.22%
45.3th percentile

Affected Products

VendorProductVersions
redhatopenshift_container_platform4.0
n/anoobaa-core*
redhatnoobaa-operator0

Timeline

  • Jun 2, 2021 CVE Published
  • Jun 3, 2021 EPSS Score
  • Aug 5, 2021 EPSS Score
  • Oct 5, 2021 EPSS Score
  • Dec 5, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 6, 2022 EPSS Score
  • Jun 6, 2022 EPSS Score
  • Aug 7, 2022 EPSS Score
  • Oct 7, 2022 EPSS Score
  • Dec 7, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›