0.001 Low
EPSS
Percentile
42.8%
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.
git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2019-25031
lists.debian.org/debian-lts-announce/2021/05/msg00007.html
ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
security.netapp.com/advisory/ntap-20210507-0007/