CVE-2021-4277

EPSS 0.09%
Veröffentlicht 25.12.2022 11:15:11
Zuletzt bearbeitet 21.11.2024 06:37:17
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Utils Project ≫ Utils Version < 2021-05-14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.258

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	1.2	1.4	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

CWE-341 Predictable from Observable State

A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.

https://github.com/fredsmith/utils/commit/dbab1b66955eeb3d76b34612b358307f5c4e3944

Patch

Third Party Advisory

https://vuldb.com/?id.216749

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-4277

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-4277

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-4277

EUVD