CVE-2021-3694
- Source
- https://cve.org/CVERecord?id=CVE-2021-3694
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3694.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-3694
- Downstream
- Published
- 2021-08-23T13:15:07.780Z
- Modified
- 2026-03-14T14:58:07.114621Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
- References
Affected packages
Git / github.com/ledgersmb/ledgersmb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ledgersmb/ledgersmb
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "1.3.0" }, { "last_affected": "1.3.47" }, { "introduced": "1.4.0" }, { "last_affected": "1.4.42" }, { "introduced": "1.5.0" }, { "last_affected": "1.5.30" }, { "introduced": "1.6.0" }, { "last_affected": "1.6.33" }, { "introduced": "1.7.0" }, { "last_affected": "1.7.32" }, { "introduced": "1.8.0" }, { "last_affected": "1.8.17" } ] }
Affected versions
1.*
1.4.0
1.4.1-2
1.4.10
1.4.11
1.4.13
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.4
1.4.40
1.4.41
1.4.42
1.4.5
1.4.8
1.4.8--rc2
1.4.8-rc1
1.4.9
1.4.9-3
1.5.0
1.5.1
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.2
1.5.20
1.5.21
1.5.22
1.5.23
1.5.24
1.5.25
1.5.26
1.5.27
1.5.28
1.5.29
1.5.3
1.5.30
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.2
1.6.20
1.6.21
1.6.22
1.6.23
1.6.24
1.6.25
1.6.26
1.6.27
1.6.28
1.6.29
1.6.3
1.6.30
1.6.31
1.6.32
1.6.33
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7.0
1.7.1
1.7.10
1.7.11
1.7.12
1.7.13
1.7.14
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.2
1.7.20
1.7.21
1.7.22
1.7.23
1.7.24
1.7.25
1.7.26
1.7.27
1.7.28
1.7.29
1.7.3
1.7.30
1.7.31
1.7.32
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.8.0
1.8.1
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.15
1.8.16
1.8.17
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3694.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "1.1.0"
},
{
"last_affected": "1.1.12"
}
]
},
{
"events": [
{
"introduced": "1.2.0"
},
{
"last_affected": "1.2.26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0"
}
]
}
]