Lucene search
HistoryAug 25, 2022 - 8:15 p.m.
CVE-2021-3914
smallrye health metrics
sanitize user inputs
cross-site scripting
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
33.5%
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
Affected configurations
Node
redhatbuild_of_quarkusRange<2.7.5
ORredhatbuild_of_quarkusMatch-text-only
ORredhatopenshift_application_runtimesMatch1.0
ORredhatsmallrye_healthMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | build_of_quarkus | * | cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:*:*:*:* |
| redhat | build_of_quarkus | - | cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:text-only:*:*:* |
| redhat | openshift_application_runtimes | 1.0 | cpe:2.3:a:redhat:openshift_application_runtimes:1.0:*:*:*:*:*:*:* |
| redhat | smallrye_health | - | cpe:2.3:a:redhat:smallrye_health:-:*:*:*:*:*:*:* |
Related
github
github
SmallRye Health UI Cross-site Scripting vulnerability
2022-08-26 00:03:29
cve
cve
CVE-2021-3914
2022-08-25 20:15:09
cvelist
cvelist
CVE-2021-3914
2022-08-25 19:36:49
redhatcve
redhatcve
CVE-2021-3914
2022-02-21 09:32:42
prion
prion
Cross site scripting
2022-08-25 20:15:00
osv
osv
SmallRye Health UI Cross-site Scripting vulnerability
2022-08-26 00:03:29
redhat
redhat
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
33.5%
Related for NVD:CVE-2021-3914