CVE-2021-37533
ADVISORY - githubSummary
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
EPSS Score: 0.00249 (0.480)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Input Validation
ADVISORY - github
Improper Input Validation
ADVISORY - gitlab
ADVISORY - redhat
Improper Input Validation
NIST
CREATED
UPDATED
ADVISORY IDCVE-2021-37533
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-cgp8-4m63-fhh5
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2021-37533
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2021-37533
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6.5mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2021-37533
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-2fw7-3rrc-xgm6
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-3rff-fjqg-w9h2
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-