CVE-2021-39365

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

References

Affected packages

Git / github.com/gnome/grilo

Affected ranges

Type

GIT

Repo

https://github.com/gnome/grilo

Events

Introduced

Last affected

b3372233ee509676ab4408f049549c1020cff7a1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.13"
        }
    ]
}

Affected versions

grilo-0.*

grilo-0.1.1

grilo-0.1.10

grilo-0.1.11

grilo-0.1.12

grilo-0.1.13

grilo-0.1.14

grilo-0.1.15

grilo-0.1.2

grilo-0.1.3

grilo-0.1.4

grilo-0.1.5

grilo-0.1.6

grilo-0.1.7

grilo-0.1.8

grilo-0.1.9

grilo-0.2.0

grilo-0.2.10

grilo-0.2.11

grilo-0.2.12

grilo-0.2.2

grilo-0.2.3

grilo-0.2.4

grilo-0.2.5

grilo-0.2.6

grilo-0.2.7

grilo-0.2.8

grilo-0.2.9

grilo-0.3.0

grilo-0.3.1

grilo-0.3.10

grilo-0.3.11

grilo-0.3.12

grilo-0.3.13

grilo-0.3.2

grilo-0.3.4

grilo-0.3.5

grilo-0.3.6

grilo-0.3.7

grilo-0.3.8

grilo-0.3.9

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39365.json"