Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.14.2"
}
]
},
{
"events": [
{
"introduced": "2.15.0"
},
{
"fixed": "2.15.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "34"
}
]
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36377.json"