CVE-2021-22917

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-22917

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22917.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-22917

Published

2021-07-12T11:15:07.853Z

Modified

2026-04-10T04:35:35.114570Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.

References

https://hackerone.com/reports/1077022

Affected packages

Git / github.com/brave/brave-ios

Affected ranges

Type

GIT

Repo

https://github.com/brave/brave-ios

Events

Introduced

Fixed

e676dd6c6200ee251dda7ca6e068be3f77399ef2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.20"
        }
    ]
}

Affected versions

1.*

1.13-public

v0.*

v0.0

v1.*

v1.10

v1.11

v1.11.2

v1.12

v1.12.1

v1.13

v1.14

v1.14.2

v1.15

v1.16

v1.16.1

v1.17

v1.19

v1.19.1

v1.19.2

v1.7

v1.7.1

v1.7.2

v1.8

v1.9

v1.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22917.json"