9.8
CVE-2021-29476
- EPSS 2.22%
- Published 27.04.2021 21:15:08
- Last modified 21.11.2024 06:01:13
- Source security-advisories@github.com
WordPress Core < 5.5.3 - PHP Object Injection Gadget
Requests is an HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.
Possible mitigation
WordPress: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.8, 5.2.9, 5.3.6, 5.4.4, 5.5.3
Further vulnerability information
System: WordPress Core

| Product | Version |
|---|---|
| WordPress | [*, 3.7) |
| WordPress | [3.7, 3.7.35) |
| WordPress | [3.8, 3.8.35) |
| WordPress | [3.9, 3.9.33) |
| WordPress | [4.0, 4.0.32) |
| WordPress | [4.1, 4.1.32) |
| WordPress | [4.2, 4.2.29) |
| WordPress | [4.3, 4.3.25) |
| WordPress | [4.4, 4.4.24) |
| WordPress | [4.5, 4.5.23) |
| WordPress | [4.6, 4.6.20) |
| WordPress | [4.7, 4.7.19) |
| WordPress | [4.8, 4.8.15) |
| WordPress | [4.9, 4.9.16) |
| WordPress | [5.0, 5.0.11) |
| WordPress | [5.1, 5.1.8) |
| WordPress | [5.2, 5.2.9) |
| WordPress | [5.3, 5.3.6) |
| WordPress | [5.4, 5.4.4) |
| WordPress | [5.5, 5.5.3) |

Data provided by the National Vulnerability Database (NVD)

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.22% | 0.83 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| security-advisories@github.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.