VDB
CVE-2021-36377
CVE-2021-36377
PUBLISHED
CVSS 7.5 HIGH
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.
EPSS 0.10% · 28.1th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.10%
28.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 34 |
| n/a | n/a | n/a |
| fossil-scm | fossil | 0, 2.15.0 |
Timeline
- Jul 12, 2021 CVE Published
- Jul 13, 2021 EPSS Score
- Sep 11, 2021 EPSS Score
- Nov 9, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 9, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 7, 2022 EPSS Score
- Jul 6, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 4, 2022 EPSS Score
References
- https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036 url
- FEDORA-2021-8523af7a88 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-36377 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY url