CVE-2021-3529

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3529
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3529.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3529
Published
2021-06-02T17:15:08Z
Modified
2024-09-03T03:51:13.053873Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Summary
[none]
Details

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrary URL being copied into an HTML document as plain text between tags, potentially including a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into the application's response. The highest threat to the system is to confidentiality, availability, and integrity.

References

Affected packages

Git / github.com/noobaa/noobaa-operator

Affected ranges

Type
GIT
Repo
https://github.com/noobaa/noobaa-operator
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1.0

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.2.0

v2.*

v2.0.0
v2.0.1
v2.0.1-rc.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5