How severe is CVE-2021-4287?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-4287?

This is classified as CWE-61, which is a common weakness in software security.

CVE-2021-4287

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-61

View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.

CVE-2019-16775

MEDIUM

CVSS:6.5(Medium)

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon ...

CWE-612019

CVE-2021-1145

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this ...

CWE-612021

CVE-2021-32508

MEDIUM

CVSS:6.5(Medium)

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parame...

CWE-612021

CVE-2021-32509

MEDIUM

CVSS:6.5(Medium)

Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path paramete...

CWE-612021

CVE-2022-3592

MEDIUM

CVSS:6.5(Medium)

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the ...

CWE-612022

CVE-2019-11246

MEDIUM

CVSS:6.4(Medium)

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over th...

CWE-612019

CVE-2021-4287

Vulnerability Description

Related Vulnerabilities

CVE-2019-16775

CVE-2021-1145

CVE-2021-32508

CVE-2021-32509

CVE-2022-3592

CVE-2019-11246