CVE-2021-4286
LOW
2,6
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216875.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0017
Percentile
0,4th
Updated
EPSS Score Trend (Last 90 Days)
203
Observable Discrepancy
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Potential Impacts:
Read Application Data
Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
Application
Pysrp by Pysrp Project
Version Range Affected
To
1.0.17
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:pysrp_project:pysrp:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/cocagne/pysrp/commit/dba52642f5e95d3da7af1780561213ee6053195f
https://github.com/cocagne/pysrp/pull/43
https://github.com/cocagne/pysrp/releases/tag/1.0.17
https://vuldb.com/?ctiid.216875
https://vuldb.com/?id.216875
https://github.com/cocagne/pysrp/commit/dba52642f5e95d3da7af1780561213ee6053195f
https://github.com/cocagne/pysrp/pull/43
https://github.com/cocagne/pysrp/releases/tag/1.0.17
https://vuldb.com/?ctiid.216875
https://vuldb.com/?id.216875