CVE-2021-22916

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-22916

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22916.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-22916

Published

2021-07-12T11:15:07.770Z

Modified

2026-04-10T04:30:15.245612Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.

References

https://hackerone.com/reports/1203842

Affected packages

Git / github.com/brave/brave-browser

Affected ranges

Type

GIT

Repo

https://github.com/brave/brave-browser

Events

Introduced

Last affected

95d4e4b9003597fe0cf0f8b2375dbbc1494bd14a

Database specific

{
    "versions": [
        {
            "introduced": "1.17.0"
        },
        {
            "last_affected": "1.26.60"
        }
    ]
}

Affected versions

Other

dev-latest

v0.*

v0.50.13

v0.50.14

v0.54.0

v0.54.1

v0.54.2

v0.54.3

v0.54.4

v0.55.1

v0.55.2

v0.55.3

v0.55.4

v0.55.5

v1.*

v1.26.60

v1.5.100b

v1.5.58b

v1.5.59b

v1.5.89b

v1.5.90b

v1.5.97b

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22916.json"