History: Oct 07, 2021 - 4:40 p.m.

CVE-2021-23447 Cross-site Scripting (XSS)

2021-10-07 16:40:12
snyk
www.cve.org
cve-2021-23447
cross-site scripting
package teddy
type confusion vulnerability
input sanitization bypass
model content array

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS: 0.001
Percentile: 43.8%

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).

CNA Affected

[
  {
    "product": "teddy",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "0.5.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
