VDB

CVE-2021-36377

CVE-2021-36377 PUBLISHED CVSS 7.5 HIGH

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.

EPSS 0.10% · 28.1th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.10%
28.1th percentile

Affected Products

VendorProductVersions
fedoraprojectfedora34
n/an/an/a
fossil-scmfossil0, 2.15.0

Timeline

  • Jul 12, 2021 CVE Published
  • Jul 13, 2021 EPSS Score
  • Sep 11, 2021 EPSS Score
  • Nov 9, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 9, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 7, 2022 EPSS Score
  • Jul 6, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›