CVE-2021-43410

Published: Dic 09, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-30345 Aliases: GSD-2021-43410
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0388
Percentile
0,9th
Updated

EPSS Score Trend (Last 90 Days)

116

Improper Encoding or Escaping of Output

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability Access Control
Potential Impacts:
Modify Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Technologies: AI/ML, Database Server, Not Technology-Specific, Web Server
Likelihood of Exploit: High
View CWE Details
117

Improper Output Neutralization for Logs

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability Non-Repudiation
Potential Impacts:
Modify Application Data Hide Activities Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
Application

Airavata Django Portal by Apache

Product Information
Vendor Apache
Product Airavata Django Portal
Version Range Affected
To 2021-12-06 (exclusive)
cpe:2.3:a:apache:airavata_django_portal:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://lists.apache.org/thread/q64h16ofdxk29soz3jj561nysnz…
Mailing List Vendor Advisory
https://lists.apache.org/thread/q64h16ofdxk29soz3jj561nysnzcrl31
https://lists.apache.org/thread/q64h16ofdxk29soz3jj561nysnz…
Mailing List Vendor Advisory
https://lists.apache.org/thread/q64h16ofdxk29soz3jj561nysnzcrl31