How severe is CVE-2021-39172?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-39172?

This is classified as CWE-93, which is a common weakness in software security.

CVE-2021-39172 - HIGH Severity | CVSS 8.8

Vulnerability Description

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.

Related Vulnerabilities

CVE-2023-26130

HIGH

CVSS:8.8(High)

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete ...

CWE-932023

CVE-2023-38551

HIGH

CVSS:8.2(High)

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting...

CWE-932023

CVE-2024-20337

HIGH

CVSS:8.2(High)

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user....

CWE-932024

CVE-2017-15400

HIGH

CVSS:7.8(High)

Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD f...

CWE-932017

CVE-2024-45302

HIGH

CVSS:7.8(High)

RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdate...

CWE-932024

CVE-2022-0666

HIGH

CVSS:7.6(High)

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

CWE-932022