VDB
CVE-2021-37746
CVE-2021-37746
PUBLISHED
CVSS 6.099999904632568 MEDIUM
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
EPSS 0.48% · 65.7th percentile
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.48%
65.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sylpheed_project | sylpheed | 0 |
| n/a | n/a | n/a |
| claws-mail | claws-mail | 0 |
| fedoraproject | fedora | 33, 34 |
Timeline
- Jul 30, 2021 CVE Published
- Jul 31, 2021 EPSS Score
- Sep 28, 2021 EPSS Score
- Nov 26, 2021 EPSS Score
- Jan 24, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 24, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 22, 2022 EPSS Score
- Sep 18, 2022 EPSS Score
- Nov 17, 2022 EPSS Score
- Jan 15, 2023 EPSS Score
References
- https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161251b9ea90ccd431 url
- https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz url
- https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz url
- FEDORA-2021-a4e9c45f9e vendor-advisory
- FEDORA-2021-3823463b9a vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-37746 advisory
- https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6 url