How severe is CVE-2021-41190?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2021-41190?

This is classified as CWE-843, which is a common weakness in software security.

CVE-2021-41190 - MEDIUM Severity | CVSS 5

Vulnerability Description

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec.

Related Vulnerabilities

CVE-2020-13341

MEDIUM

CVSS:4.9(Medium)

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.

CWE-8432020

CVE-2024-20662

MEDIUM

CVSS:4.9(Medium)

Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability

CWE-8432024

CVE-2025-32352

MEDIUM

CVSS:4.8(Medium)

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpret...

CWE-8432025

CVE-2019-13118

MEDIUM

CVSS:5.3(Medium)

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, l...

CWE-8432019

CVE-2019-17639

MEDIUM

CVSS:5.3(Medium)

In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafte...

CWE-8432019

CVE-2021-31344

MEDIUM

CVSS:5.3(Medium)

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNE...

CWE-8432021